Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Fedora 30: FEDORA-2019-ad02f64a79 critical: SquirrelMail XSS Issues

fedora
Calendar Grey August 15, 2019
Dist Fedora Esm H88
Fedora 30: Improved roundcube implementation to address ongoing CSRF vulnerabilities and bolster protective protocols.
updated to 1.4 branch snapshot containing several security fixes

Summary

SquirrelMail is a basic webmail package written in PHP4. It

includes built-in pure PHP support for the IMAP and SMTP protocols, and

all pages render in pure HTML 4.0 (with no JavaScript) for maximum

compatibility across browsers. It has very few requirements and is very

easy to configure and install.

updated to 1.4 branch snapshot containing several security fixes

* Wed Jul 10 2019 Michal Hlavinka - 1.4.23-1.20190710

- squirrelmail updated to newer snapshot

[ 1 ] Bug #1616100 - CVE-2018-14955 squirrelmail: persistent XSS in message display via SVG animations [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1616100

[ 2 ] Bug #1616097 - CVE-2018-14954 squirrelmail: persistent XSS in message display the formaction attribute [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1616097

[ 3 ] Bug #1616094 - CVE-2018-14953 squirrelmail: persistent XSS in message display via a "

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 1.4.23
Release: 1.fc30.20190710
Summary: webmail client written in php

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.