oss-sec mailing list archives
Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 12 May 2009 16:23:06 +0200
Hi Hanno!

On Tue, 12 May 2009 09:43:36 +0200 Hanno Böck <hanno () hboeck de> wrote:

> From squirrelmail.org:
>
> The SquirrelMail Team is pleased to announce the release of SquirrelMail version 1.4.18. The most notable changes for this version are several security fixes, including a couple XSS exploits, a session fixation issue, and an obscure but dangerous server-side code execution hole.

Was this meant as CVE request? Upstream changelog does mention CVEs for the issues, as well as upstream SVN commits and security page:

http://www.squirrelmail.org/security/

HTH

--
Tomas Hoger / Red Hat Security Response Team