Bug 218297 (CVE-2006-6142)

Summary: CVE-2006-6142 Three XSS issues in SquirrelMail
Product: [Other] Security Response Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerabilityAssignee: Martin Bacovsky <mbacovsk>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gwync, tokul, wtogami
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugs.gentoo.org/show_bug.cgi?id=156949
Whiteboard:
Fixed In Version: squirrelmail-1.4.10a-1.fc6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-11 16:06:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 218294    
Bug Blocks:    

Description Lubomir Kundrak 2006-12-04 15:20:46 UTC 
+++ This bug was initially created as a clone of Bug #218294 +++

Description of problem:

Martijn Brinkers identified several XSS issues in versions 1.4.0 to 1.4.9 of
SquirrelMail. Fix for each one is available from upstream.

Version-Release number of selected component (if applicable):

1.4.0-1.4.9
RHEL{3,4,5}, FC{5,6}

Additional info:

Patches are here:
http://www.squirrelmail.org/patches/1.4.9-security/stable/
Comment 1 Tomas 2007-02-25 09:14:47 UTC 
I strongly recommend checking background information about issues fixed in
SquirrelMail patches.
Comment 2 Gwyn Ciesla 2007-05-10 17:44:56 UTC 
New version available, 1.4.10a,  which fixes several XSS issues.  Please update.
Comment 3 Martin Bacovsky 2007-05-11 16:06:21 UTC 
squirrelmail should be upgraded to squirrelmail-1.4.10a-1.fc6 in fc6. This
update also fixes CVE-2006-6142 and CVE-2007:1262.