fixes: - CVE-2011-2023 : Messages containing style tags with malicious script attributes were being displayed without being sanitized - CVE-2010-4555 : An attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user preferences - CVE-2010-4554 : SquirrelMail is vulnerable to clickjacking attacks wherein the entire application can be loaded in a frame that could overlay other elements on top of SquirrelMail

This update has been submitted for testing by mhlavink.

9 years ago

This update has been pushed to testing

9 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

9 years ago

This update has been submitted for stable by mhlavink.

9 years ago

This update has been pushed to stable

9 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
9 years ago
in testing
9 years ago
in stable
9 years ago
BZ#720693 CVE-2010-4554 SquirrelMail: Prone to clickjacking attacks
0
0
BZ#720694 CVE-2010-4555 SquirrelMail: Multiple XSS flaws
0
0
BZ#720695 CVE-2011-2023 SquirrelMail: XSS in <style> tag handling
0
0

Automated Test Results