Diffstat (limited to 'polish/security/2004/dsa-535.wml')
-rw-r--r-- | polish/security/2004/dsa-535.wml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/polish/security/2004/dsa-535.wml b/polish/security/2004/dsa-535.wml new file mode 100644 index 00000000000..7545f7c17ab --- /dev/null +++ b/polish/security/2004/dsa-535.wml 
@@ -0,0 +1,47 @@ +#use wml::debian::translation-check translation="1.1" maintainer="" +#pddp rafalm80 +<define-tag description>several vulnerabilities</define-tag> +<define-tag moreinfo> +<p>Four vulnerabilities were discovered in squirrelmail:</p> + +<ul> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0519">CAN-2004-0519</a> + <p>Multiple cross-site scripting (XSS) vulnerabilities + in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary + script as other users and possibly steal authentication information + via multiple attack vectors, including the mailbox parameter in + compose.php.</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0520">CAN-2004-0520</a> + <p>Cross-site scripting (XSS) vulnerability in mime.php + for SquirrelMail before 1.4.3 allows remote attackers to insert + arbitrary HTML and script via the content-type mail header, as + demonstrated using read_body.php.</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0521">CAN-2004-0521</a> + <p>SQL injection vulnerability in SquirrelMail before + 1.4.3 RC1 allows remote attackers to execute unauthorized SQL + statements, with unknown impact, probably via abook_database.php.</p> + +<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0639">CAN-2004-0639</a> + <p>Multiple cross-site scripting (XSS) vulnerabilities + in Squirrelmail 1.2.10 and earlier allow remote attackers to inject + arbitrary HTML or script via (1) the $mailer variable in + read_body.php, (2) the $senderNames_part variable in + mailbox_display.php, and possibly other vectors including (3) the + $event_title variable or (4) the $event_text variable.</p> + +</ul> + +<p>For the current stable distribution (woody), these problems have been +fixed in version 1:1.2.6-1.4.</p> + +<p>For the unstable distribution (sid), these problems have been fixed in +2:1.4.3a-0.1 and earlier versions.</p> + +<p>We recommend that you update your squirrelmail 
package.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2004/dsa-535.data" |
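Review bot: The text added under polish/ is still English throughout (the description tag "several vulnerabilities", all four CAN-2004-* items and the woody/sid paragraphs), while the first line declares translation="1.1", which marks the page as a current translation of that English revision. Translate the body before committing, or hold the file back until it is translated. In the same header line maintainer="" is empty; fill it in or drop the attribute. In the list, none of the four <li> items is closed with </li>, and "Squirrelmail" in the CAN-2004-0639 item is capitalised differently from "SquirrelMail" in the other items. The sid paragraph, "fixed in 2:1.4.3a-0.1 and earlier versions", reads as if older versions carry the fix, so that wording should be checked when it is translated.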