Bugs fixes in "squirrelmail"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2019-12970 | XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in | 2020-12-11 |
| CVE | CVE-2019-12970 | XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in | 2020-12-10 |
| CVE | CVE-2018-14955 | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | 2018-09-04 |
| CVE | CVE-2018-14954 | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | 2018-09-04 |
| CVE | CVE-2018-14953 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. | 2018-09-04 |
| CVE | CVE-2018-14952 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | 2018-09-04 |
| CVE | CVE-2018-14951 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | 2018-09-04 |
| CVE | CVE-2018-14950 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | 2018-09-04 |
| CVE | CVE-2018-14955 | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | 2018-09-04 |
| CVE | CVE-2018-14954 | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | 2018-09-04 |
| CVE | CVE-2018-14953 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. | 2018-09-04 |
| CVE | CVE-2018-14952 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | 2018-09-04 |
| CVE | CVE-2018-14951 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | 2018-09-04 |
| CVE | CVE-2018-14950 | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | 2018-09-04 |
| Launchpad | 1636333 | Squirrelmail - missing Subject/Body on some messages in 16.04 | 2018-04-11 |
| Launchpad | 1566587 | Update to PHP7.0 dependencies | 2018-04-10 |
| Launchpad | 1566587 | Update to PHP7.0 dependencies | 2018-04-10 |
| CVE | CVE-2017-7692 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mis | 2017-05-22 |
| CVE | CVE-2017-7692 | SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mis | 2017-05-22 |
| Launchpad | 1636333 | Squirrelmail - missing Subject/Body on some messages in 16.04 | 2016-12-12 |
About
-
Send Feedback to @ubuntu_updates
