Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
From: jon@squirrelmail.org Subject: [SM-ANNOUNCE] SquirrelMail 1.4.5 Released Date: July 13, 2005 3:12:31 PM EDT To: squirrelmail-users@lists.sourceforge.net, squirrelmail-plugins@lists.sourceforge.net, bugtraq@securityfocus.com Cc: squirrelmail-devel@lists.sourceforge.net, squirrelmail-admin@lists.sourceforge.net, and 1 more
From: jon@squirrelmail.org Subject: [SM-ANNOUNCE] SquirrelMail 1.4.5 Released Date: July 13, 2005 3:12:31 PM EDT To: squirrelmail-users@lists.sourceforge.net, squirrelmail-plugins@lists.sourceforge.net, bugtraq@securityfocus.com Cc: squirrelmail-devel@lists.sourceforge.net, squirrelmail-admin@lists.sourceforge.net, and 1 moreĀ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, It is my proud pleasure to announce the final release of SquirrelMail 1.4.5. This release is very important, and we strongly advise everybody to update to the latest release. Security Update =============== This version contains a number of security updates that were brought to our attention via a number of sources. Several cross site scripting exploits were uncovered by Martijn Brinkers and have been assigned the CAN-2005-1769. Another vulnerability was uncovered by James Bercegay, from GulfTech Security Research, which would allow a user to craft a special page that might permit them to overwrite other user settings. This has been assigned the ID CAN-2005-2095. Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/ We strongly encourage any persons uncovering Security issues to contact the SquirrelMail team via security@squirrelmail.org. In This Release =============== This release contains mostly bug fixes, including corrections for PHP behaviour changes in file handling, and some data types. We've also added support for the SquirrelSpell plugin under safe_mode if using PHP 4.3.0 or higher. Other changes include support for Priority headers, new Tahoma style sheets, and fixes in saving of searches. For further information about the changes involved in this release, please see the ChangeLog and ReleaseNotes files included with the release. The latest release can be downloaded from the SquirrelMail website at http://www.squirrelmail.org/download.php Happy SquirrelMailing The SquirrelMail development Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) iD8DBQFC1WeJK4PoFPj9H3MRAhBUAJ0TJK6Ci9yUKAyPZM3SNwbdXo4onwCeMhAS pTVmDIRR9Cd1njje8UWbIBY= =HoSJ -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar -- squirrelmail-announce mailing list List Address: squirrelmail-announce@lists.sourceforge.net List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-announce
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095 the first bug (CAN-2005-1769) was already fixed in gentoo in bug #95937.
*** This bug has been marked as a duplicate of 97585 ***
