Bug 160242
| Field | Value |
|---|---|
| Summary | CAN-2005-1769 Multiple XSS issues in squirrelmail |
| Product | [Fedora] Fedora |
| Component | squirrelmail |
| Version | 4 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Reporter | Josh Bressers <bressers> |
| Assignee | Warren Togami <wtogami> |
| CC | lsomike, michal, security-response-team, wtogami |
| Keywords | Security |
| Whiteboard | public=20050615,impact=moderate,source=vendor-sec,reported=20050612 |
| Doc Type | Bug Fix |
| Last Closed | 2005-08-22 19:51:58 UTC |
Description
Josh Bressers
2005-06-13 19:33:39 UTC
This issue should also affect FC3.
The fix for this issue is attachment 115373.
The latest patch is attachment 115434.
*** Bug 162189 has been marked as a duplicate of this bug. ***

Are there any plans to release this as an RPM for FC3 in the near future, I couldn't even find it in FC3 testing yet? See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160241
http://rhn.redhat.com/errata/RHSA-2005-595.html
for additional fixes for the address book.
Mike Klinke

http://people.redhat.com/wtogami/temp/squirrel/
Please test this RPM here on FC3 or FC4. Upstream's 1.4.5 release was screwed and unusable, so I added everything in 1.4.6 CVS to this test package. This might actually allow squirrelmail to run on FC4's PHP5 too while solving the security issues. I know that more fixes are required before pushing this as an FC3 & FC4 update, but your testing is required to help me figure out exactly what needs fixing.

Thanks! I've downloaded it and upgraded my FC3 testbox with it. At first blush everything looks fine. I'll poke at it for a few days.
Regards, Mike Klinke

I've run this on FC3 for a few days, and so far, I haven't run into any surprises in my normal usage.
Regards, Mike Klinke

I've run the rpm from Comment #5 for about a week now on a small server... about 10-15 squirrelmail users and no reports of any problems. It's running on FC4.
Kevin

From User-Agent: XML-RPC
squirrelmail-1.4.6-0.cvs20050812.1.fc4 has been pushed for FC4, which should resolve this issue. If these issues are still present in this version, then please re-open this bug.

Does this need to be reopened again for FC3?
Regards, Mike Klinke