From: Thijs K. <ki...@us...> - 2006-01-30 10:05:17
|
Update of /cvsroot/squirrelmail/squirrelmail In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18108 Modified Files: Tag: SM-1_4-STABLE ChangeLog ReleaseNotes Log Message: update changelog and notes with issues Index: ChangeLog =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v retrieving revision 1.332.2.318 retrieving revision 1.332.2.319 diff -u -w -r1.332.2.318 -r1.332.2.319 --- ChangeLog 30 Jan 2006 00:35:16 -0000 1.332.2.318 +++ ChangeLog 30 Jan 2006 10:04:52 -0000 1.332.2.319 @@ -2,12 +2,14 @@ *** SquirrelMail Stable Series 1.4 *** ************************************** - Version 1.4.6 - CVS ------------------- - - MagicHTML fix for comments in styles. - - Multi-line encoded headers being deleted (#1394667). - - Prohibit IMAP injection attempts (reported by Vicente Aguilera). + - Security: MagicHTML fix for comments in styles which allowed + for cross site scripting when using Internet Explorer + [CVE-2006-0195]. + - Multi-line encoded headers were being deleted (#1394667). + - Security: Prohibit IMAP injection attempts (reported by Vicente + Aguilera) [CVE-2006-0377]. - Handle unsollicited responses inside SORT responses properly. Version 1.4.6 Release Candidate 1 - 10 December 2005 Index: ReleaseNotes =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/ReleaseNotes,v retrieving revision 1.23.2.22 retrieving revision 1.23.2.23 diff -u -w -r1.23.2.22 -r1.23.2.23 --- ReleaseNotes 10 Dec 2005 14:13:08 -0000 1.23.2.22 +++ ReleaseNotes 30 Jan 2006 10:04:52 -0000 1.23.2.23 @@ -1,7 +1,7 @@ /***************************************************************** - * Release Notes: SquirrelMail 1.4.6 Release Candidate 1 * + * Release Notes: SquirrelMail 1.4.6 * * The "???" Release * - * 10 December 2005 * + * 2006 * *****************************************************************/ In this edition of SquirrelMail Release Notes: @@ -39,6 +39,26 @@ decoding functions from the development branch, vastly increasing the number of supported character sets and decoding performance. +Security issues +=============== + +This release addresses three different security issues found since +the release of 1.4.5: + +- In webmail.php, the right_frame parameter was not properly sanitized + to deal with very lenient browsers, which allowed for cross site + scripting or frame replacing. [CVE-2006-0188] + +- In the MagicHTML function, some very obscure constructs were discovered + to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and + comments could be inside keywords (allows for cross site scripting). Both + only affect Internet Explorer users. Found by Martijn Brinkers and + Scott Hughes. [CVE-2006-0195] + +- The function sqimap_mailbox_select did not strip newlines from the mailbox + parameter, and thereby allowed for IMAP command injection. Found by + Vicente Aguilera. [CVE-2006-0377] + Major updates ============== |