Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-088
2007-01-17
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : squirrelmail
Version     : 1.4.8
Release     : 3.fc5
Summary     : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers.  It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

---------------------------------------------------------------------
Update Information:

http://squirrelmail.org/security/issue/2006-12-02
CVE-2006-6142
Cross site scripting in compose, draft & HTML mail viewing
http://squirrelmail.org/security/issue/2006-12-03
Workaround for Internet Explorer MIME handling

---------------------------------------------------------------------
* Mon Jan 15 2007 Warren Togami <wtogami@redhat.com> 1.4.8-3
- CVE-2006-6142
* Tue Aug 15 2006 Warren Togami <wtogami@redhat.com> 1.4.8-2
- more Japanese filename fixes (#195639)
* Fri Aug 11 2006 Warren Togami <wtogami@redhat.com> 1.4.8-1
- 1.4.8 release with CVE-2006-4019 and upstream bug fixes
* Tue Jul 18 2006 Warren Togami <wtogami@redhat.com> 1.4.7-5
- More JP translation updates (#194598)
* Mon Jul 10 2006 Warren Togami <wtogami@redhat.com> 1.4.7-4
- Fix fatal typo in config_local.php (#198306)
* Sun Jul  9 2006 Warren Togami <wtogami@redhat.com> 1.4.7-2
- Move sqspell_config.php to /etc and mark it %config(noreplace) (#192236)
* Fri Jul  7 2006 Warren Togami <wtogami@redhat.com> 1.4.7-1
- 1.4.7 with CVE-2006-3174
- Reduce patch for body text (#194457)
- Better JP translation for "Check mail" (#196117)
* Fri Jun 23 2006 Warren Togami <wtogami@redhat.com> 1.4.6-8
- Japanese zenkaku subject conversion      (#196017)
- Japanese MSIE garbled download ugly hack (#195639)
- Japanese multibyte attachment view text  (#195452)
- Japanese multibyte attachment body text  (#194457)
- Do not convert Japanese Help to UTF-8    (#194599)
* Wed Jun  7 2006 Warren Togami <wtogami@redhat.com> 1.4.6-7
- CVE-2006-2842 File Inclusion Vulnerability
* Mon Jun  5 2006 Warren Togami <wtogami@redhat.com> 1.4.6-6
- buildreq gettext (194169)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

4bdf0b49b18e8f50550fc06ff5794545e322fbe0  SRPMS/squirrelmail-1.4.8-3.fc5.src.rpm
4bdf0b49b18e8f50550fc06ff5794545e322fbe0  noarch/squirrelmail-1.4.8-3.fc5.src.rpm
5d369482abe9c8c840e34d0ddd54c7a75ca1b90f  ppc/squirrelmail-1.4.8-3.fc5.noarch.rpm
5d369482abe9c8c840e34d0ddd54c7a75ca1b90f  x86_64/squirrelmail-1.4.8-3.fc5.noarch.rpm
5d369482abe9c8c840e34d0ddd54c7a75ca1b90f  i386/squirrelmail-1.4.8-3.fc5.noarch.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------