Bug 200074 - Squirrelmail 1.4.7 fixes several issues
Squirrelmail 1.4.7 fixes several issues
Status: CLOSED DUPLICATE of bug 200073
Product: Fedora
Classification: Fedora
Component: squirrelmail (Show other bugs)
noarch Linux
medium Severity medium
: ---
: ---
Assigned To: Warren Togami
Depends On:
  Show dependency treegraph
Reported: 2006-07-25 06:58 EDT by Nils Breunese
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-25 08:46:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nils Breunese 2006-07-25 06:58:15 EDT
Description of problem:

Squirrelmail 1.4.7 was released on July 4th 2006 which contains several fixes:

  - Security: Possible cookie theft in src/redirect.php if
    register_globals is enabled, and malicous site is running
    in same domain.
  - Fixed that loading the options page always loaded the prefs
    initial_value on display, instead of the users' value.
  - Enabled Ukrainian translation after updates by Serhij Dubyk.
  - Fixed from address in case of MDN receipts (patch from Dimitar Pashev).
  - Correct variable typo, causing Bogus sequence in FETCH errors (#1460338).
  - Reduce references header in a smart way to avoid "header too long"
    errors from SMTP servers in really long threads (#1167754, #1465342).
  - Undo extra sanitizing in decodeHeader() function (#1460638).
  - Added workaround for broken OpenBSD 3.8+ setlocale() function (#1427512).
  - Fixed session lockups on large attachment downloads.
  - Fixed bug_report plugin connections to mapped and secured IMAP servers.
  - Fixed possibility to use single quote in provider name (#1475744).
  - Improved error handling for the help pages.
  - Added new color themes by Jeremy Landes, Tammi Maggard and Lucas Austin-Howe
    (#1378332), (#1377567), (#1377529), (#1377528), (#1377527), (#1377526),
    (#1377525), (#1393188).
  - Removed invalid $sendmail_path check in configuration utility.
  - Backported calendar plugin updates from devel branch. Fixed display of 
    multiline events (#1291081) and sanitizing of quotes (#705796). Fixed
    possible calendar corruption, when events contain special formating 
    characters. Moved html sanitizing from backend functions to display 
    code. Removed direct access to $_GET and $_POST variables and 
    simplified form variable processing.
  - Fixed some mailbox caching issues, when messages are deleted or moved 
    not in first mailbox page. Fixed use of mailbox cache in right_main.php 
  - Stop URL parsing, if 8bit symbols or HTML entities are detected (#1356798).
  - Improve recovery when EHLO not supported on legacy SMTP servers
  - Don't move messages when target mailbox matches source mailbox (#1409453).
  - Sanitized IMAP folder names in error_message() function and filters plugin.
  - Take X-Forwarded-Host HTTP header in consideration when constructing
    base_uri for redirects; reduces problems with transparent proxies
  - Don't use trailing delimiter when sqimap_mailbox_create() subscribes
    newly created mailbox.
  - Undefined variable in src/right_main.php.
  - Security: Local file inclusion in functions/plugin.php with
    register_globals enabled, and magic_quotes disabled (reported by Denix
    Solutions). [CVE-2006-2842]
  - Add note to conf.pl / config_default.php to warn users that set
    sensitive passwords in that file to properly secure it.
  - Prevent modifications in advanced identities, when editing of
    identities is disabled.
  - Fix incorrect parsing of From with nested parentheses (#1241506).
  - Tightened code in search.php for disputed security report. We don't
    believe this is exploitable, but the code is tightened anyway.
Comment 1 Nils Breunese 2006-07-25 07:40:00 EDT
Oops, dupe of 200073. The page was not responding and I hit 'Submit' again.
Comment 2 Matthew Miller 2006-07-25 08:46:40 EDT

*** This bug has been marked as a duplicate of 200073 ***

Note You need to log in before you can comment on or make changes to this bug.