--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1a87523729
2019-08-21 02:11:25.390054
--------------------------------------------------------------------------------
Name : squirrelmail
Product : Fedora 29
Version : 1.4.23
Release : 1.fc29.20190710
URL : http://www.squirrelmail.org/
Summary : webmail client written in php
Description :
SquirrelMail is a basic webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no JavaScript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install.
--------------------------------------------------------------------------------
Update Information:
updated to 1.4 branch snapshot containing several security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.4.23-1.20190710
- squirrelmail updated to newer snapshot
* Sun Feb 3 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.23-1.20180816
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1616100 - CVE-2018-14955 squirrelmail: persistent XSS in message display via SVG animations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616100
[ 2 ] Bug #1616097 - CVE-2018-14954 squirrelmail: persistent XSS in message display the formaction attribute [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616097
[ 3 ] Bug #1616094 - CVE-2018-14953 squirrelmail: persistent XSS in message display via a "<math xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616094
[ 4 ] Bug #1616090 - CVE-2018-14952 squirrelmail: persistent XSS in message display via a "<math><maction xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616090
[ 5 ] Bug #1616087 - CVE-2018-14951 squirrelmail: persistent XSS in message display via a "<form action='data:text" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616087
[ 6 ] Bug #1616084 - CVE-2018-14950 squirrelmail: persistent XSS in message display via a "<svg><a xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616084
[ 7 ] Bug #1560341 - CVE-2018-8741 SquirrelMail: Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560341
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1a87523729' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org