In a report via bugtraq on Apr 29, many XSS attacks in squirrelmail:
http://marc.theaimsgroup.com/?l=bugtraq&m=108334862800260&w=2
(note that Squirrelmail 1.4.3 will fix these and more XSS issues)

Affects: FC1
Affects: FC2
- Fix some XSS issues. (in 1.4.3 RC1) in CVS as:
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108232045127038
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108232039707209
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108231961004190
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108231673730889
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108231643021211
- Fixed XSS vulnerability in content-type display in the attachment area of read_body.php discovered by Roman Medina. (since 1.4.3 RC1)
  http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108532891231712
- Unspecified SQL injection attack
  http://marc.theaimsgroup.com/?l=squirrelmail-devel&m=108424284608500
  is actually "SQL injection attack in personal addressbook database class"
  http://marc.theaimsgroup.com/?l=squirrelmail-cvs&m=108309375029888
http://www.redhat.com/archives/fedora-announce-list/2004-June/msg00009.html
http://www.redhat.com/archives/fedora-announce-list/2004-June/msg00010.html