Hello All,
The SquirrelMail Project Team is proud to announce the release of
SquirrelMail 1.4.7. This version is a maintenance release, addressing
the following problems since 1.4.6:
- Some security fixes (see below)
- Small enhancements
- A collection of bugfixes (see ChangeLog)
Security issues
===============
This release addresses security issues found since the release of 1.4.8:
Cross site scripting via malicious input to the mailto parameter of
webmail.php, the session and delete_draft parameters of compose.php and
via a shortcoming in the magicHTML filter.
This is CVE-2006-6142. Thanks to Martijn Brinkers for his continued
research that uncovered these issues.
We've also changed SquirrelMail attachment handling to work around an
issue in Internet Explorer: the browser will attempt to guess the MIME
type of attachments based on content, not the MIME header we send.
Attachments could pretend to be a 'harmless' image/jpeg, while they were
in fact HTML that Internet Explorer would render.
Further details on SquirrelMail vulnerabilities can be found at the
following address:
http://www.squirrelmail.org/security/
We strongly encourage any persons uncovering security issues to
contact the SquirrelMail team via security <at> squirrelmail.org.
Package md5sums
===============
b3dc6e3c5accb9b88bf6ebfd87336b96 squirrelmail-1.4.9.tar.bz2
5a3ecbda6d8378c68fa40b4ac5b2d487 squirrelmail-1.4.9.tar.gz
875848f25d481b59552d4e93aaacba4c squirrelmail-1.4.9.zip
Download at:
http://www.squirrelmail.org/download.php
Happy SquirrelMailing!
--
Thijs Kinkhorst
SquirrelMail Project Team
squirrelmail-announce mailing list
List Address:
squirrelmail-announce@...
List Info:
https://lists.sourceforge.net/lists/listinfo/squirrelmail-announce
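
The Internet Explorer content-sniffing problem described in the announcement, as an added example that is not part of the original message and is not SquirrelMail's own fix: a server-side check that only serves an attachment inline when its bytes match the declared image type and contain no HTML near the start. The function names, the 256-byte scan window and the tag list are assumptions of this sketch.

```python
import re

# Assumption: window size and tag list are illustrative, not IE's exact rules.
SNIFF_WINDOW = 256
HTML_HINT = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|iframe|title|table|plaintext)\b",
    re.IGNORECASE,
)

# Leading magic bytes for image types a webmail client might show inline.
IMAGE_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


def looks_like_html(data: bytes) -> bool:
    """True if the start of the body contains markup a sniffer could render."""
    return HTML_HINT.search(data[:SNIFF_WINDOW]) is not None


def safe_disposition(declared_type: str, data: bytes):
    """Return the (Content-Type, Content-Disposition) pair to send.

    Inline display is allowed only when the declared type is a known image,
    the body starts with that type's magic bytes, and no HTML appears in the
    sniffing window. Everything else is forced to a download.
    """
    declared = declared_type.split(";")[0].strip().lower()
    magic = IMAGE_MAGIC.get(declared)
    if magic and data.startswith(magic) and not looks_like_html(data):
        return declared, "inline"
    return "application/octet-stream", "attachment"


# Constructed sample bodies (not taken from any real message).
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\x00" * 32
FAKE_JPEG = b"<html><body>constructed sample</body></html>"
GIF_POLYGLOT = b"GIF89a" + b"<script>/* constructed */</script>"

if __name__ == "__main__":
    for name, body in [("real", REAL_JPEG), ("fake", FAKE_JPEG)]:
        print(name, safe_disposition("image/jpeg", body))
    print("polyglot", safe_disposition("image/gif", GIF_POLYGLOT))
```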