Red Hat Bugzilla – Bug 145966
CAN-2005-0103 Multiple issues in squirrelmail (CAN-2005-0104)
Last modified: 2007-11-30 17:10:59 EST
*** This bug has been split off bug 145964 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.24
Two additional issues were fixed in squirrelmail 1.4.4
CAN-2005-0103 for cross site scripting
CAN-2005-0104 for code injectian via unsanitised integer variable
The fixes for these issues are here.
Are these fixes to be released for FC3 in the near future as a new RPM or is the
patch above going to be the sole remedy?
Please try the update package from here. Let me know if it upgrades cleanly and
works properly after a day or two of usage.
Now hey, that's what I call service!
I've downloaded it, and successfully upgraded the current FC3 version, and
configured it to operate the same as my production server. I'll poke at it for
a few days.
Pushed to FC2 and FC3 updates.