Gentoo Bug 95937 - mail-client/squirrelmail: XSS issues (CAN-2005-1769)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	95937
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
sqm-144-xss.patch	sqm-144-xss.patch	patch	Thierry Carrez (RETIRED)	2005-06-13 02:05 0000	23.44 KB	Details \| Diff
sqm-144-xss.patch	sqm-144-xss.patch	patch	Thierry Carrez (RETIRED)	2005-06-14 01:52 0000	25.48 KB	Details \| Diff
sqm-144-xss.patch	sqm-144-xss.patch	patch	Sune Kloppenborg Jeppesen	2005-06-14 21:11 0000	25.02 KB	Details \| Diff
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 95937 depends on:			Show dependency tree
Bug 95937 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-06-13 02:05 0000

Martijn Brinkers discovered that Squirrelmail contains several cross site
scripting attacks, most by URL manipulation, and some by sending a specially
crafted HTML email.

This will be made public on Wednesday, June 15th 2005

------- Comment #1 From Thierry Carrez (RETIRED) 2005-06-13 02:05:55 0000 -------

Created an attachment (id=61134) [edit]
sqm-144-xss.patch

Tentative patch from upstream, applies on 1.4.4-release

------- Comment #2 From Thierry Carrez (RETIRED) 2005-06-13 02:08:29 0000 -------

Cc-ing eradicator so that he gets ready to patch on disclosure date.
eradicator: please do not commit anything in Portage until this is made public.

------- Comment #3 From Thierry Carrez (RETIRED) 2005-06-14 01:52:48 0000 -------

Created an attachment (id=61189) [edit]
sqm-144-xss.patch

New patch version from Squirrelmail team

------- Comment #4 From Sune Kloppenborg Jeppesen 2005-06-14 21:11:54 0000 -------

Created an attachment (id=61245) [edit]
sqm-144-xss.patch

Updated patch.

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-06-15 21:58:06 0000 -------

Now public -> opening. 
 
Eradicator please bump.

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-06-15 21:59:09 0000 -------

*** Bug 96223 has been marked as a duplicate of this bug. ***

------- Comment #7 From Jakub Moc (RETIRED) 2005-06-16 01:04:30 0000 -------

The patch breaks addressbook for me:

 PHP Parse error:  parse error, unexpected '=' in /webmail/src/addressbook.php
on line 346

------- Comment #8 From Jakub Moc (RETIRED) 2005-06-16 01:12:52 0000 -------

(In reply to comment #7)

This works:

@@ -343,6 +343,7 @@
     /* Get and sort address list */
     $alist = $abook->list_addr();
     if(!is_array($alist)) {
+        $abook_error = htmlspecialchars($abook_error);
         plain_error_message($abook->error, $color);
         exit;
     }

Note the underscore instead of a dash.

------- Comment #9 From Thierry Carrez (RETIRED) 2005-06-16 10:09:57 0000 -------

Adding the net-mail herd.

eradicator/net-mail : please bump (see comment #8)

------- Comment #10 From Tuan Van (RETIRED) 2005-06-18 08:27:41 0000 -------

eradicator is away. Acting on behalf of net-mail herd, bumped with patch from
http://prdownloads.sourceforge.net/squirrelmail/sqm-144-xss.patch which fixed
the line mentioned in comment #8. All keywords dropped to ~arch.

------- Comment #11 From Sune Kloppenborg Jeppesen 2005-06-18 08:38:00 0000 -------

Thx Tuan, I informed upstream about the problem a few days ago. Now back to 
stable marking.

------- Comment #12 From Jason Wever (RETIRED) 2005-06-18 12:47:59 0000 -------

Stable on SPARC.

------- Comment #13 From Michael Hanselmann (hansmi) (RETIRED) 2005-06-18 13:12:22 0000 -------

Stable on ppc.

------- Comment #14 From Sune Kloppenborg Jeppesen 2005-06-19 01:35:17 0000 -------

Almost ready for GLSA decision, I vote YES.

------- Comment #15 From Simon Stelling (RETIRED) 2005-06-19 02:24:26 0000 -------

stable on amd64:

squirrelmail-1.4.4-r1.ebuild
39c39
< KEYWORDS="~alpha ~amd64 ppc sparc ~x86"
---
> KEYWORDS="~alpha amd64 ppc sparc ~x86"

note that x86 is still testing

------- Comment #16 From Tuan Van (RETIRED) 2005-06-19 11:24:45 0000 -------

stable on x86.

------- Comment #17 From Sune Kloppenborg Jeppesen 2005-06-19 12:01:55 0000 -------

This one is ready for GLSA decision.

------- Comment #18 From Thierry Carrez (RETIRED) 2005-06-19 12:06:27 0000 -------

I vote YES too.

------- Comment #19 From Sune Kloppenborg Jeppesen 2005-06-21 13:45:44 0000 -------

GLSA 200506-19

------- Comment #20 From Tuan Van (RETIRED) 2005-06-22 16:23:09 0000 -------

*** Bug 96795 has been marked as a duplicate of this bug. ***

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 95937

mail-client/squirrelmail: XSS issues (CAN-2005-1769)

Last modified: 2005-06-22 16:23:09 0000