Red Hat Bugzilla – Bug 182585
CVE-2006-0377 IMAP injection in sqimap_mailbox_select mailbox parameter
Last modified: 2007-11-30 17:11:24 EST
IMAP injection in sqimap_mailbox_select mailbox parameter
(Text taken from the above URL)
By adding newlines to the mailbox parameter of sqimap_mailbox_select,
a logged-in user can add additional IMAP commands after the command
issued by SquirrelMail. The real-world impact of this is unknown.
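The injection described above, as an added example (not SquirrelMail's code and not part of the original report): a hypothetical command builder that pastes the mailbox value in unchanged, beside one that refuses CR, LF and NUL and escapes the quoted-string specials. The function names, the tag `A001` and the sample mailbox values are constructed for illustration.

```php
<?php
// Added illustration, not SquirrelMail source. Function names are hypothetical.

// Vulnerable pattern: the mailbox value is pasted into the command unchanged,
// so a CR or LF inside it ends the SELECT line and starts another command line.
function build_select_unsafe(string $tag, string $mailbox): string
{
    return $tag . ' SELECT "' . $mailbox . '"' . "\r\n";
}

// Hardened pattern: refuse CR, LF and NUL (none may appear in an IMAP quoted
// string), then escape backslash and double quote before quoting.
function build_select_safe(string $tag, string $mailbox): string
{
    if ($mailbox === '' || preg_match('/[\r\n\x00]/', $mailbox) === 1) {
        throw new InvalidArgumentException('illegal character in mailbox name');
    }
    $escaped = strtr($mailbox, ['\\' => '\\\\', '"' => '\\"']);
    return $tag . ' SELECT "' . $escaped . '"' . "\r\n";
}

// Number of command lines a server would read from the bytes in $wire.
function count_command_lines(string $wire): int
{
    return count(preg_split('/\r\n|\r|\n/', $wire, -1, PREG_SPLIT_NO_EMPTY));
}

// Constructed sample inputs; the last one carries an embedded CRLF.
$samples = ['INBOX', 'Drafts "2006"', "INBOX\r\nA999 NOOP"];

foreach ($samples as $mailbox) {
    $label = json_encode($mailbox);
    $unsafe = build_select_unsafe('A001', $mailbox);
    printf("%s unsafe: %d line(s)\n", $label, count_command_lines($unsafe));
    try {
        $safe = build_select_safe('A001', $mailbox);
        printf("%s safe:   %s\n", $label, json_encode($safe));
    } catch (InvalidArgumentException $e) {
        printf("%s safe:   rejected (%s)\n", $label, $e->getMessage());
    }
}
```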
squirrelmail-1.4.6-1.fc4 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Not sure why this wasn't closed earlier.