CVE-2008-2379 insufficient input sanitising
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
squirrelmail (Ubuntu) | Fix Released | Medium | Unassigned |
Dapper | Fix Released | Medium | Unassigned |
Gutsy | Fix Released | Medium | Unassigned |
Hardy | Fix Released | Medium | Unassigned |
Intrepid | Fix Released | Medium | Unassigned |
Jaunty | Fix Released | Medium | Unassigned |
Bug Description
Binary package hint: squirrelmail
- -------
Debian Security Advisory DSA-168201 security_
http://
December 07, 2008 http://
- -------
Package : squirrelmail
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2379
Ivan Markovic discovered that SquirrelMail, a webmail application, did not
sufficiently sanitise incoming HTML email, allowing an attacker to perform
cross site scripting through sending a malicious HTML email.
For the stable distribution (etch), this problem has been fixed in
version 1.4.9a-3.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.15-4.
We recommend that you upgrade your squirrelmail package.
Changed in squirrelmail: | |
status: | New → Confirmed |
Changed in squirrelmail: | |
status: | New → Fix Committed |
status: | Confirmed → Fix Released |
status: | New → Fix Committed |
importance: | Undecided → Medium |
importance: | Undecided → Medium |
importance: | Undecided → Medium |
importance: | Undecided → Medium |
importance: | Undecided → Medium |
Changed in squirrelmail: | |
status: | New → Fix Committed |
status: | New → Fix Committed |
Changed in squirrelmail (Ubuntu Dapper): | |
status: | Fix Committed → Fix Released |
This bug was fixed in the package squirrelmail - 2:1.4.13-2ubuntu1.1
---------------
squirrelmail (2:1.4.13-2ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: cross site scripting issue in the HTML filter (CVE-2008-2379). LP: #306536.
- functions/mime.php: from the debian package version 1.4.15-4.
-- Reinhard Tartler <email address hidden> Tue, 09 Dec 2008 14:58:07 +0100