- Fixed character wrapping/encoding issues in Japanese translation (#1377622).
Issue is specific to sqBodyWrap() and string function wrappers introduced in
1.5.1.
- - MagicHTML fix for comments in styles.
+ - Security: MagicHTML fix for comments in styles which allowed
+ for cross site scripting when using Internet Explorer
+ [CVE-2006-0195].
- Added 'mail' and 'sn' attributes to address book LDAP backend search
expression (#1368154).
- Added mailbox caching code by Michael Long.
- Prevent output of whitespace during plugin activation. Fixes possible
attachment corruption by incorrectly coded plugins.
- Fixed data sanitizing in calendar plugin (#1291081)(#705796).
- - Prohibit imap injection attempts (reported by Vicente Aguilera)
+ - Security: Prohibit imap injection attempts (reported by Vicente Aguilera)
+ [CVE-2006-0377].
- Don't move messages in sqimap_msgs_list_move() function call, when target
mailbox is same as source mailbox. Adds fifth argument to
sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus
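Review bot: The reworded IMAP injection entry still does not say where the injection was possible, while the release notes part of this patch names the mailbox parameter of sqimap_mailbox_select. Consider carrying that detail into the ChangeLog line and writing "IMAP" with the same capitalisation in both places. Separately, the unchanged entry "Fixed data sanitizing in calendar plugin (#1291081)(#705796)" sits between the two newly tagged items without a "Security:" prefix. If that fix has security impact it should get the same prefix, otherwise the prefix cannot be relied on to find the security fixes in this list.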
CVE-2005-0104 - Possible XSS issues in src/webmail.php.
CVE-2005-1769 - Several cross site scripting (XSS) attacks.
CVE-2005-2095 - Extraction of all POST variables in advanced identity code.
+ CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php.
+ CVE-2006-0195 - Possible XSS in MagicHTML, IE only.
+ CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter.
If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest
stable SquirrelMail version.
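Review bot: CVE-2006-0188 is added to this list, but the ChangeLog lines shown in this patch tag only CVE-2006-0195 and CVE-2006-0377, so the right_frame fix in webmail.php cannot be traced from the release notes to a change entry. Add a matching "Security:" line to the ChangeLog, or tag the existing entry if there is one outside the lines shown. The three new lines also do not state which releases are affected, and the upgrade advice that follows mentions only 1.5.0, so a short note on affected versions next to each CVE would make that advice easier to act on.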