UbuntuUpdates.org

Package "squirrelmail"

Name: squirrelmail

Description:

Webmail for nuts

Latest version: 2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.2
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://www.squirrelmail.org/

Other versions of "squirrelmail" in Xenial

Repository  Area      Version
base        universe  2:1.4.23~svn20120406-2ubuntu1
updates     universe  2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.2

Changelog

Version: 2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.2 2020-12-11 22:07:04 UTC

  squirrelmail (2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability
    - debian/patches/CVE-2019-12970.patch: Fix XSS due to improper handling
      of RCDATA and RAWTEXT elements.
    - CVE-2019-12970

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 09 Dec 2020 14:57:30 +0000

CVE-2019-12970 XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in

Version: 2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.1 2018-09-04 13:06:44 UTC

  squirrelmail (2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerabilities
    - CVE-2018-14950-55.patch: Non-maintainer upload by the Debian LTS Team.
      Fix for several XSS vulnerabilities
    - CVE-2018-14950 CVE-2018-14951 CVE-2018-14952 CVE-2018-14953 CVE-2018-14954
      CVE-2018-14955

 -- Mike Salvatore <email address hidden> Fri, 31 Aug 2018 10:44:45 -0400

CVE-2018-14950 The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
CVE-2018-14951 The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
CVE-2018-14952 The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
CVE-2018-14953 The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
CVE-2018-14954 The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
CVE-2018-14955 The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

Version: 2:1.4.23~svn20120406-2+deb8u2ubuntu0.16.04.3 2018-04-11 21:06:32 UTC

  squirrelmail (2:1.4.23~svn20120406-2+deb8u2ubuntu0.16.04.3) xenial-security; urgency=medium

  [ Nishanth Aravamudan ]
  * debian/patches/php7_remove_e_modifier_preg_replace: Remove use of
    deprecated /e modifier in preg_replace. Thanks to Thijs Kinkhorst
    <email address hidden>. Closes LP: #1636333.

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 11 Apr 2018 14:24:18 -0300

1636333 Squirrelmail - missing Subject/Body on some messages in 16.04

Version: 2:1.4.23~svn20120406-2+deb8u2ubuntu0.16.04.2 2018-04-10 19:06:48 UTC

  squirrelmail (2:1.4.23~svn20120406-2+deb8u2ubuntu0.16.04.2) xenial-security; urgency=medium

  [ Nishanth Aravamudan ]
  * Update to PHP7.0 dependencies (LP: #1566587).

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Apr 2018 14:24:53 -0300

1566587 Update to PHP7.0 dependencies

Version: 2:1.4.23~svn20120406-2+deb8u2build0.16.04.1 2018-04-10 15:06:30 UTC

  squirrelmail (2:1.4.23~svn20120406-2+deb8u2build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian



