*** This bug has been split off bug 145964 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.24 08:43 -------
Two additional issues were fixed in squirrelmail 1.4.4
CAN-2005-0103 for cross site scripting
CAN-2005-0104 for code injection via unsanitised integer variable
The fixes for these issues are here.
http://cvs.sf.net/viewcvs.py/squirrelmail/squirrelmail/src/webmail.php?r1=1.92.2.8&r2=1.92.2.6&only_with_tag=SM-1_4-STABLE
Are these fixes to be released for FC3 in the near future as a new RPM or is the patch above going to be the sole remedy? Mike
http://people.redhat.com/wtogami/temp/ Please try the update package from here. Let me know if it upgrades cleanly and works properly after a day or two of usage.
Now hey, that's what I call service! I've downloaded it, and successfully upgraded the current FC3 version, and configured it to operate the same as my production server. I'll poke at it for a few days. Thank you, Mike
Pushed to FC2 and FC3 updates.