Dear raj, I am sorry to distrube you about that stuff. But according to my suggestion we should keep this advisory mails seprate from the main mailing list. Foergive me if I am wrong.
Regards, Ajay Malhotra -----Original Message----- From: Raj Mathur <[EMAIL PROTECTED]> Date: Thu, 14 Jul 2005 00:00:32 To:[email protected], [email protected] Subject: [LIH](fwd) [SECURITY] [DSA 756-1] New squirrelmail packages fix several vulnerabilities [Please upgrade squirrelmail. This advisory includes and extends the squirrelmail advisory posted 2005-06-22 -- Raju] This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-Id: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] (Martin Schulze) Sender: [EMAIL PROTECTED] To: [email protected] (Debian Security Announcements) Cc: Subject: [Full-disclosure] [SECURITY] [DSA 756-1] New squirrelmail packages fix several vulnerabilities Date: Wed, 13 Jul 2005 19:18:56 +0200 (CEST) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 756-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze July 13th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : squirrelmail Vulnerability : several Problem-Type : remote Debian-specific: no CVE IDs : CAN-2005-1769 CAN-2005-2095 Debian Bug : 314374 317094 Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1769 Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. CAN-2005-2095 James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people's preferences and possibly reading them, writing files at any location writable for www-data and cross site scripting. For the old stable distribution (woody) these problems have been fixed in version 1.2.6-4. For the stable distribution (sarge) these problems have been fixed in version 1.4.4-6sarge1. For the unstable distribution (sid) these problems have been fixed in version 1.4.4-6sarge1. We recommend that you upgrade your squirrelmail package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-4.dsc Size/MD5 checksum: 646 a3739e908230dfe1fa1074b299087276 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-4.diff.gz Size/MD5 checksum: 24291 c7107719af77e02daae1c3fd5a4000b8 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz Size/MD5 checksum: 1856087 be9e6be1de8d3dd818185d596b41a7f1 Architecture independent components: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-4_all.deb Size/MD5 checksum: 1841510 3557389721f6e851b772838205841e01 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-6sarge1.dsc Size/MD5 checksum: 690 c518315ea574b2f268a028eb32de4497 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-6sarge1.diff.gz Size/MD5 checksum: 23441 fb2b94a5b1bf90c1b8c8b0c71fe1c40c http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz Size/MD5 checksum: 575871 f50548b6f4f24d28afb5e6048977f4da Architecture independent components: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-6sarge1_all.deb Size/MD5 checksum: 569980 2150edd3d6fea2d20d7d448a75be8d63 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [email protected] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC1Uz/W5ql+IAeqTIRAkE5AJ4zYssU48i0nLc1pdkdO1C8tyjknwCgl4a4 r/XUlykNIY0E/+KJATLyPLY= =scv2 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar _______________________________________________ linux-india-help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-india-help -- Ajay Malhotra Manager Development & Testing A Little World Private Limited +91 22 5697388 +91 98670 50070 www.alittleworld.com ------------------------------------------------------- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar _______________________________________________ linux-india-help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-india-help
