Package: squirrelmail Severity: wishlist ----- Forwarded message from Jonathan Angliss <[EMAIL PROTECTED]> -----
> Date: Wed, 13 Jul 2005 14:12:31 -0500 > From: Jonathan Angliss <[EMAIL PROTECTED]> > To: SquirrelMail - Users <squirrelmail-users@lists.sourceforge.net>, > SquirrelMail - Plugins <[EMAIL PROTECTED]>, > bugtraq@securityfocus.com > Cc: SquirrelMail - Devel <[EMAIL PROTECTED]>, > SquirrelMail - Admin <[EMAIL PROTECTED]>, > SquirrelMail - Announce <squirrelmail-announce@lists.sourceforge.net> > Subject: [SM-ANNOUNCE] SquirrelMail 1.4.5 Released > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello All, > > It is my proud pleasure to announce the final release of SquirrelMail > 1.4.5. > > This release is very important, and we strongly advise everybody to > update to the latest release. > > Security Update > =============== > This version contains a number of security updates that were brought > to our attention via a number of sources. > > Several cross site scripting exploits were uncovered by Martijn > Brinkers and have been assigned the CAN-2005-1769. > > Another vulnerability was uncovered by James Bercegay, from GulfTech > Security Research, which would allow a user to craft a special page > that might permit them to overwrite other user settings. This has > been assigned the ID CAN-2005-2095. > > Further details on SquirrelMail vulnerabilities can be found at the > following address: > > http://www.squirrelmail.org/security/ > > We strongly encourage any persons uncovering Security issues to > contact the SquirrelMail team via [EMAIL PROTECTED] > > > In This Release > =============== > This release contains mostly bug fixes, including corrections for PHP > behaviour changes in file handling, and some data types. We've also > added support for the SquirrelSpell plugin under safe_mode if using > PHP 4.3.0 or higher. Other changes include support for Priority > headers, new Tahoma style sheets, and fixes in saving of searches. > > For further information about the changes involved in this release, > please see the ChangeLog and ReleaseNotes files included with the > release. > > > The latest release can be downloaded from the SquirrelMail website at > http://www.squirrelmail.org/download.php > > Happy SquirrelMailing > The SquirrelMail development Team > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (MingW32) > > iD8DBQFC1WeJK4PoFPj9H3MRAhBUAJ0TJK6Ci9yUKAyPZM3SNwbdXo4onwCeMhAS > pTVmDIRR9Cd1njje8UWbIBY= > =HoSJ > -----END PGP SIGNATURE----- ----- End forwarded message ----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]