author | martti <martti@pkgsrc.org> | 2006-02-27 07:12:13 +0000 |
---|---|---|
committer | martti <martti@pkgsrc.org> | 2006-02-27 07:12:13 +0000 |
commit | 5e8732153d006b7825ffd37d2ee70c27eaaa5962 (patch) | |
tree | 6dc6f10d3fd5117f905c07cde5becb650ce46816 /databases/gramps | |
parent | 524eeec05b7f95b669d595f0cd7a6de594b9537c (diff) | |
download | pkgsrc-5e8732153d006b7825ffd37d2ee70c27eaaa5962.tar.gz |
Updated squirrelmail to 1.4.6

This release is very important, and we strongly advise everybody to
update to the latest release.

Security Update
===============

This version contains a number of security updates that were brought
to our attention via a number of sources.

- In webmail.php, the right_frame parameter was not properly sanitized
  to deal with very lenient browsers, which allowed for cross site
  scripting or frame replacing. [CVE-2006-0188]

- In the MagicHTML function, some very obscure constructs were
  discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
  concern), and comments could be inside keywords (allows for cross site
  scripting). Both only affect Internet Explorer users. Found by Martijn
  Brinkers and Scott Hughes. [CVE-2006-0195]

- The function sqimap_mailbox_select did not strip newlines from the
  mailbox parameter, and thereby allowed for IMAP command injection.
  Found by Vicente Aguilera. [CVE-2006-0377]

Diffstat (limited to 'databases/gramps')
0 files changed, 0 insertions, 0 deletions
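
The IMAP command injection named in the last item of the commit message above arises because a CR/LF inside the mailbox name ends the SELECT line early. The PHP below is an added illustration, not SquirrelMail's code or its fix: the function names and the sample input are constructed, and the mailbox name is assumed to be already encoded for IMAP.

```php
<?php
// Added illustration; not SquirrelMail code. Function names are hypothetical.

// Naive builder: the mailbox name is copied into the command unchanged, so a
// CR/LF inside it terminates the SELECT line and begins another line.
function build_select_naive(string $tag, string $mailbox): string
{
    return $tag . ' SELECT "' . $mailbox . '"' . "\r\n";
}

// Checked builder: refuse CR, LF and NUL (none of them may appear in an IMAP
// quoted string), then escape backslash and double quote.
function build_select_checked(string $tag, string $mailbox): string
{
    if ($mailbox === '' || preg_match('/[\x00\r\n]/', $mailbox)) {
        throw new InvalidArgumentException('illegal character in mailbox name');
    }
    // strtr with an array replaces in one pass, so nothing is escaped twice.
    $quoted = strtr($mailbox, ['\\' => '\\\\', '"' => '\\"']);
    return $tag . ' SELECT "' . $quoted . '"' . "\r\n";
}

// Count the non-empty CRLF-terminated lines a server would read from $wire.
function count_command_lines(string $wire): int
{
    return count(array_filter(explode("\r\n", $wire), 'strlen'));
}

// Constructed sample: a mailbox parameter carrying an embedded line break.
$sample = "INBOX\r\nA002 NOOP";

printf("naive builder sends %d line(s)\n",
    count_command_lines(build_select_naive('A001', $sample)));

try {
    build_select_checked('A001', $sample);
} catch (InvalidArgumentException $e) {
    echo 'checked builder refused it: ', $e->getMessage(), "\n";
}

// A legitimate name containing quotes stays on a single line.
echo build_select_checked('A001', 'Sent "2006"');
```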