218297 – (CVE-2006-6142) CVE-2006-6142 Three XSS issues in SquirrelMail

Bug 218297 (CVE-2006-6142) - CVE-2006-6142 Three XSS issues in SquirrelMail

Summary: CVE-2006-6142 Three XSS issues in SquirrelMail

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2006-6142
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Martin Bacovsky
QA Contact:
Docs Contact:
URL:	http://bugs.gentoo.org/show_bug.cgi?i...
Whiteboard:
Depends On:	218294
Blocks:
TreeView+	depends on / blocked

Reported:	2006-12-04 15:20 UTC by Lubomir Kundrak
Modified:	2021-11-12 19:36 UTC (History)
CC List:	3 users (show)
Fixed In Version:	squirrelmail-1.4.10a-1.fc6
Clone Of:
Environment:
Last Closed:	2007-05-11 16:06:21 UTC
Embargoed:

Attachments	(Terms of Use)

Description Lubomir Kundrak 2006-12-04 15:20:46 UTC

+++ This bug was initially created as a clone of Bug #218294 +++

Description of problem:

Martijn Brinkers identified several XSS issues in versions 1.4.0 to 1.4.9 of
SquirrelMail. Fix for each one is available from upstream.

Version-Release number of selected component (if applicable):

1.4.0-1.4.9
RHEL{3,4,5}, FC{5,6}

Additional info:

Patches are here:
http://www.squirrelmail.org/patches/1.4.9-security/stable/

Comment 1 Tomas 2007-02-25 09:14:47 UTC

I strongly recommend checking background information about issues fixed in
SquirrelMail patches.

Comment 2 Gwyn Ciesla 2007-05-10 17:44:56 UTC

New version available, 1.4.10a,  which fixes several XSS issues.  Please update.

Comment 3 Martin Bacovsky 2007-05-11 16:06:21 UTC

squirrelmail should be upgraded to squirrelmail-1.4.10a-1.fc6 in fc6. This
update also fixes CVE-2006-6142 and CVE-2007:1262.

Note You need to log in before you can comment on or make changes to this bug.