Ubuntu
squirrelmail package

CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing

  1. Edgy (6.10)
  2. Bug #78144
Bug #78144 reported by Kees Cook
256
Affects Status Importance Assigned to Milestone
squirrelmail (Ubuntu)
Fix Released
Undecided
Unassigned
Breezy
Invalid
Undecided
Unassigned
Dapper
Fix Released
Undecided
Leonel Erlichman
Edgy
Fix Released
Undecided
Leonel Erlichman
Feisty
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: squirrelmail

SM prior to 1.4.9a is vulnerable to some XSS issues:

http://squirrelmail.org/security/

CVE References

Kees Cook (kees)
Changed in squirrelmail:
status: Unconfirmed → Fix Released
William Grant (wgrant)
Changed in squirrelmail:
status: Unconfirmed → Fix Released
status: Fix Released → Confirmed
status: Unconfirmed → Confirmed
status: Unconfirmed → Confirmed
Revision history for this message
Marco Rodrigues (gothicx) wrote :

Breezy support is over.. Today it's Breezy End Of Life!

Changed in squirrelmail:
status: Confirmed → Rejected
Revision history for this message
Kees Cook (kees) wrote :

This was fixed while fixing other CVEs.

Changed in squirrelmail:
assignee: nobody → leonel
status: Confirmed → Fix Released
assignee: nobody → leonel
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.