Bug 200074 - Squirrelmail 1.4.7 fixes several issues
Summary: Squirrelmail 1.4.7 fixes several issues
Keywords:
Status: CLOSED DUPLICATE of bug 200073
Alias: None
Product: Fedora
Classification: Fedora
Component: squirrelmail
Version: 2
Hardware: noarch
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Warren Togami
QA Contact:
URL: http://www.squirrelmail.org/changelog...
Whiteboard:
Depends On:
Blocks:
Reported: 2006-07-25 10:58 UTC by Nils Breunese
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-07-25 12:46:40 UTC
Type: ---
Embargoed:



Description Nils Breunese 2006-07-25 10:58:15 UTC
Description of problem:

Squirrelmail 1.4.7 was released on July 4th 2006 and contains several fixes:

  - Security: Possible cookie theft in src/redirect.php if
    register_globals is enabled, and malicious site is running
    in same domain.
  - Fixed that loading the options page always loaded the prefs
    initial_value on display, instead of the users' value.
  - Enabled Ukrainian translation after updates by Serhij Dubyk.
  - Fixed from address in case of MDN receipts (patch from Dimitar Pashev).
  - Correct variable typo, causing Bogus sequence in FETCH errors (#1460338).
  - Reduce references header in a smart way to avoid "header too long"
    errors from SMTP servers in really long threads (#1167754, #1465342).
  - Undo extra sanitizing in decodeHeader() function (#1460638).
  - Added workaround for broken OpenBSD 3.8+ setlocale() function (#1427512).
  - Fixed session lockups on large attachment downloads.
  - Fixed bug_report plugin connections to mapped and secured IMAP servers.
  - Fixed possibility to use single quote in provider name (#1475744).
  - Improved error handling for the help pages.
  - Added new color themes by Jeremy Landes, Tammi Maggard and Lucas Austin-Howe
    (#1378332), (#1377567), (#1377529), (#1377528), (#1377527), (#1377526),
    (#1377525), (#1393188).
  - Removed invalid $sendmail_path check in configuration utility.
  - Backported calendar plugin updates from devel branch. Fixed display of 
    multiline events (#1291081) and sanitizing of quotes (#705796). Fixed
    possible calendar corruption, when events contain special formatting
    characters. Moved html sanitizing from backend functions to display 
    code. Removed direct access to $_GET and $_POST variables and 
    simplified form variable processing.
  - Fixed some mailbox caching issues, when messages are deleted or moved 
    not in first mailbox page. Fixed use of mailbox cache in right_main.php 
    (#1304408).
  - Stop URL parsing, if 8bit symbols or HTML entities are detected (#1356798).
  - Improve recovery when EHLO not supported on legacy SMTP servers
    (#1031455).
  - Don't move messages when target mailbox matches source mailbox (#1409453).
  - Sanitized IMAP folder names in error_message() function and filters plugin.
  - Take X-Forwarded-Host HTTP header in consideration when constructing
    base_uri for redirects; reduces problems with transparent proxies
    (#1488590).
  - Don't use trailing delimiter when sqimap_mailbox_create() subscribes
    newly created mailbox.
  - Undefined variable in src/right_main.php.
  - Security: Local file inclusion in functions/plugin.php with
    register_globals enabled, and magic_quotes disabled (reported by Denix
    Solutions). [CVE-2006-2842]
  - Add note to conf.pl / config_default.php to warn users that set
    sensitive passwords in that file to properly secure it.
  - Prevent modifications in advanced identities, when editing of
    identities is disabled.
  - Fix incorrect parsing of From with nested parentheses (#1241506).
  - Tightened code in search.php for disputed security report. We don't
    believe this is exploitable, but the code is tightened anyway.
    [CVE-2006-3174]

Comment 1 Nils Breunese 2006-07-25 11:40:00 UTC
Oops, dupe of 200073. The page was not responding and I hit 'Submit' again.

Comment 2 Matthew Miller 2006-07-25 12:46:40 UTC

*** This bug has been marked as a duplicate of 200073 ***

