Fedora Account System
Red Hat Associate
Red Hat Customer
For FC6 +++ This bug was initially created as a clone of Bug #202196 +++ Squirrelmail authenticated user variable overwriting A bug was fixed in squirrelmail 1.4.8 which could allow a logged in user to overwrite random variables in compose.php with arbitrary data. This may allow a user to read or write another users preferences or mail attachments. More information can be found here: http://www.squirrelmail.org/security/issue/2006-08-11 -- Additional comment from updates.com on 2006-08-15 12:40 EST -- squirrelmail-1.4.8-1.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
1.4.8 was pushed for FC6 a few days ago, is there a different issue?
No, it means test2 didn't contain a fixed version. Marking fixed "rawhide"