lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <327030601.20050713141231@netdork.net>
Date: Wed, 13 Jul 2005 14:12:31 -0500
From: Jonathan Angliss <jon@...irrelmail.org>
To: SquirrelMail - Users <squirrelmail-users@...ts.sourceforge.net>,
	SquirrelMail - Plugins <squirrelmail-plugins@...ts.sourceforge.net>,
	<bugtraq@...urityfocus.com>
Cc: SquirrelMail - Devel <squirrelmail-devel@...ts.sourceforge.net>,
	SquirrelMail - Admin <squirrelmail-admin@...ts.sourceforge.net>,
	SquirrelMail - Announce <squirrelmail-announce@...ts.sourceforge.net>
Subject: [SM-ANNOUNCE] SquirrelMail 1.4.5 Released


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

It is my proud pleasure to announce the final release of SquirrelMail
1.4.5.

This release is very important, and we strongly advise everybody to
update to the latest release.

Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.

Several cross site scripting exploits were uncovered by Martijn
Brinkers and have been assigned the CAN-2005-1769.

Another vulnerability was uncovered by James Bercegay, from GulfTech
Security Research, which would allow a user to craft a special page
that might permit them to overwrite other user settings.  This has
been assigned the ID CAN-2005-2095.

Further details on SquirrelMail vulnerabilities can be found at the
following address:

  http://www.squirrelmail.org/security/

We strongly encourage any persons uncovering Security issues to
contact the SquirrelMail team via security@...irrelmail.org.


In This Release
===============
This release contains mostly bug fixes, including corrections for PHP
behaviour changes in file handling, and some data types.  We've also
added support for the SquirrelSpell plugin under safe_mode if using
PHP 4.3.0 or higher.  Other changes include support for Priority
headers, new Tahoma style sheets, and fixes in saving of searches.

For further information about the changes involved in this release,
please see the ChangeLog and ReleaseNotes files included with the
release.


The latest release can be downloaded from the SquirrelMail website at
http://www.squirrelmail.org/download.php

Happy SquirrelMailing
The SquirrelMail development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFC1WeJK4PoFPj9H3MRAhBUAJ0TJK6Ci9yUKAyPZM3SNwbdXo4onwCeMhAS
pTVmDIRR9Cd1njje8UWbIBY=
=HoSJ
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar
--
squirrelmail-users mailing list
Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: squirrelmail-users@...ts.sourceforge.net
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ