From dfce8fcec67bf7d756908cb15d143294fb986479 Mon Sep 17 00:00:00 2001 From: kink Date: Mon, 30 Jan 2006 10:08:38 +0000 Subject: [PATCH] document cve's git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10614 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 7 +++++-- ReleaseNotes | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a6d37438..6acfc9ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -511,14 +511,17 @@ Version 1.5.1 -- CVS - Fixed character wrapping/encoding issues in Japanese translation (#1377622). Issue is specific to sqBodyWrap() and string function wrappers introduced in 1.5.1. - - MagicHTML fix for comments in styles. + - Security: MagicHTML fix for comments in styles which allowed + for cross site scripting when using Internet Explorer + [CVE-2006-0195]. - Added 'mail' and 'sn' attributes to address book LDAP backend search expression (#1368154). - Added mailbox caching code by Michael Long. - Prevent output of whitespace during plugin activation. Fixes possible attachment corruption by incorrectly coded plugins. - Fixed data sanitizing in calendar plugin (#1291081)(#705796). - - Prohibit imap injection attempts (reported by Vicente Aguilera) + - Security: Prohibit imap injection attempts (reported by Vicente Aguilera) + [CVE-2006-0377]. - Don't move messages in sqimap_msgs_list_move() function call, when target mailbox is same as source mailbox. Adds fifth argument to sqimap_msgs_list_move() function. Fixes possible issues on MacOS Cyrus diff --git a/ReleaseNotes b/ReleaseNotes index 3863ea32..bbb0d15d 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -64,6 +64,9 @@ release: CVE-2005-0104 - Possible XSS issues in src/webmail.php. CVE-2005-1769 - Several cross site scripting (XSS) attacks. CVE-2005-2095 - Extraction of all POST variables in advanced identity code. + CVE-2006-0188 - Possible XSS through right_frame parameter in webmail.php. + CVE-2006-0195 - Possible XSS in MagicHTML, IE only. + CVE-2006-0377 - IMAP injection in sqimap_mailbox_select mailbox parameter. If you use SquirrelMail 1.5.0, you should upgrade to 1.5.1 or downgrade to latest stable SquirrelMail version. -- 2.25.1