[SM-ANNOUNCE] SquirrelMail 1.4.5 Released

2005-07-14T00:00:00
ID SECURITYVULNS:DOC:9176
Type securityvulns
Reporter Securityvulns
Modified 2005-07-14T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Hello All,

It is my proud pleasure to announce the final release of SquirrelMail 1.4.5.

This release is very important, and we strongly advise everybody to update to the latest release.

Security Update

This version contains a number of security updates that were brought to our attention via a number of sources.

Several cross site scripting exploits were uncovered by Martijn Brinkers and have been assigned the CAN-2005-1769.

Another vulnerability was uncovered by James Bercegay, from GulfTech Security Research, which would allow a user to craft a special page that might permit them to overwrite other user settings. This has been assigned the ID CAN-2005-2095.

Further details on SquirrelMail vulnerabilities can be found at the following address:

http://www.squirrelmail.org/security/

We strongly encourage any persons uncovering Security issues to contact the SquirrelMail team via security@squirrelmail.org.

In This Release

This release contains mostly bug fixes, including corrections for PHP behaviour changes in file handling, and some data types. We've also added support for the SquirrelSpell plugin under safe_mode if using PHP 4.3.0 or higher. Other changes include support for Priority headers, new Tahoma style sheets, and fixes in saving of searches.

For further information about the changes involved in this release, please see the ChangeLog and ReleaseNotes files included with the release.

The latest release can be downloaded from the SquirrelMail website at http://www.squirrelmail.org/download.php

Happy SquirrelMailing The SquirrelMail development Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32)

iD8DBQFC1WeJK4PoFPj9H3MRAhBUAJ0TJK6Ci9yUKAyPZM3SNwbdXo4onwCeMhAS pTVmDIRR9Cd1njje8UWbIBY= =HoSJ -----END PGP SIGNATURE-----