Fedora 25: 2017-f85c37ae3d moderate: Squirrelmail Insufficient Escaping

SquirrelMail is a basic webmail package written in PHP4. It

includes built-in pure PHP support for the IMAP and SMTP protocols, and

all pages render in pure HTML 4.0 (with no JavaScript) for maximum

compatibility across browsers. It has very few requirements and is very

easy to configure and install.

fix insufficient escaping of user-supplied data (CVE-2017-7692)

[ 1 ] Bug #1445165 - CVE-2017-7692 squirrelmail: Insufficient escaping of user-supplied data

https://bugzilla.redhat.com/show_bug.cgi?id=1445165

su -c 'dnf upgrade squirrelmail' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org