[SM-CVS] CVS: squirrelmail ChangeLog,1.332.2.318,1.332.2.319 ReleaseNotes,1.23.2.22,1.23.2.23

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/squirrelmail/squirrelmail
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18108

Modified Files:
      Tag: SM-1_4-STABLE
	ChangeLog ReleaseNotes 
Log Message:
update changelog and notes with issues


Index: ChangeLog
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v
retrieving revision 1.332.2.318
retrieving revision 1.332.2.319
diff -u -w -r1.332.2.318 -r1.332.2.319

--- ChangeLog	30 Jan 2006 00:35:16 -0000	1.332.2.318
+++ ChangeLog	30 Jan 2006 10:04:52 -0000	1.332.2.319
@@ -2,12 +2,14 @@
 *** SquirrelMail Stable Series 1.4 ***
 **************************************
 
-
 Version 1.4.6 - CVS
 -------------------
-  - MagicHTML fix for comments in styles.
-  - Multi-line encoded headers being deleted (#1394667).
-  - Prohibit IMAP injection attempts (reported by Vicente Aguilera).
+  - Security: MagicHTML fix for comments in styles which allowed
+    for cross site scripting when using Internet Explorer
+    [CVE-2006-0195].
+  - Multi-line encoded headers were being deleted (#1394667).
+  - Security: Prohibit IMAP injection attempts (reported by Vicente
+    Aguilera) [CVE-2006-0377].
   - Handle unsollicited responses inside SORT responses properly.
 
 Version 1.4.6 Release Candidate 1 - 10 December 2005

Index: ReleaseNotes
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ReleaseNotes,v
retrieving revision 1.23.2.22
retrieving revision 1.23.2.23
diff -u -w -r1.23.2.22 -r1.23.2.23
--- ReleaseNotes	10 Dec 2005 14:13:08 -0000	1.23.2.22
+++ ReleaseNotes	30 Jan 2006 10:04:52 -0000	1.23.2.23
@@ -1,7 +1,7 @@
 /*****************************************************************
- * Release Notes: SquirrelMail 1.4.6 Release Candidate 1         *
+ * Release Notes: SquirrelMail 1.4.6                             *
  * The "???" Release                                             *
- * 10 December 2005                                              *
+ *  2006                                              *
  *****************************************************************/
 
 In this edition of SquirrelMail Release Notes:
@@ -39,6 +39,26 @@
 decoding functions from the development branch, vastly increasing the
 number of supported character sets and decoding performance.
 
+Security issues
+===============
+
+This release addresses three different security issues found since
+the release of 1.4.5:
+
+- In webmail.php, the right_frame parameter was not properly sanitized
+  to deal with very lenient browsers, which allowed for cross site
+  scripting or frame replacing. [CVE-2006-0188]
+
+- In the MagicHTML function, some very obscure constructs were discovered
+  to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and 
+  comments could be inside keywords (allows for cross site scripting). Both
+  only affect Internet Explorer users. Found by Martijn Brinkers and
+  Scott Hughes. [CVE-2006-0195]
+
+- The function sqimap_mailbox_select did not strip newlines from the mailbox
+  parameter, and thereby allowed for IMAP command injection. Found by
+  Vicente Aguilera. [CVE-2006-0377]
+
 
 Major updates
 ==============



