Diffstat (limited to 'polish/security/2004/dsa-535.wml')
-rw-r--r-- polish/security/2004/dsa-535.wml 47
1 files changed, 47 insertions, 0 deletions
diff --git a/polish/security/2004/dsa-535.wml b/polish/security/2004/dsa-535.wml
new file mode 100644
index 00000000000..7545f7c17ab
--- /dev/null
+++ b/polish/security/2004/dsa-535.wml
@@ -0,0 +1,47 @@
+#use wml::debian::translation-check translation="1.1" maintainer=""
+#pddp rafalm80
+<define-tag description>several vulnerabilities</define-tag>
+<define-tag moreinfo>
+<p>Four vulnerabilities were discovered in squirrelmail:</p>
+
+<ul>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0519">CAN-2004-0519</a>
+ <p>Multiple cross-site scripting (XSS) vulnerabilities
+ in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary
+ script as other users and possibly steal authentication information
+ via multiple attack vectors, including the mailbox parameter in
+ compose.php.</p>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0520">CAN-2004-0520</a>
+ <p>Cross-site scripting (XSS) vulnerability in mime.php
+ for SquirrelMail before 1.4.3 allows remote attackers to insert
+ arbitrary HTML and script via the content-type mail header, as
+ demonstrated using read_body.php.</p>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0521">CAN-2004-0521</a>
+ <p>SQL injection vulnerability in SquirrelMail before
+ 1.4.3 RC1 allows remote attackers to execute unauthorized SQL
+ statements, with unknown impact, probably via abook_database.php.</p>
+
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0639">CAN-2004-0639</a>
+ <p>Multiple cross-site scripting (XSS) vulnerabilities
+ in Squirrelmail 1.2.10 and earlier allow remote attackers to inject
+ arbitrary HTML or script via (1) the $mailer variable in
+ read_body.php, (2) the $senderNames_part variable in
+ mailbox_display.php, and possibly other vectors including (3) the
+ $event_title variable or (4) the $event_text variable.</p>
+
+</ul>
+
+<p>For the current stable distribution (woody), these problems have been
+fixed in version 1:1.2.6-1.4.</p>
+
+<p>For the unstable distribution (sid), these problems have been fixed in
+2:1.4.3a-0.1 and earlier versions.</p>
+
+<p>We recommend that you update your squirrelmail package.</p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2004/dsa-535.data"
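Review bot: the advisory text added under polish/security/2004/ is still English (every <p> and <li> body from "Four vulnerabilities were discovered in squirrelmail:" down to "We recommend that you update your squirrelmail package."), while the first line marks the file as a translation of revision 1.1 with maintainer="" left empty. Either translate the description and moreinfo text before this goes in, or fill in maintainer so someone is on record for finishing it. Two smaller points in the same hunk: none of the four <li> items is closed with </li> before the next item or the </ul>, and the sid paragraph says the problems are fixed in "2:1.4.3a-0.1 and earlier versions", which reads oddly for a fixed-in version and is worth confirming against the English original before it is carried into a translation.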
