Debian Security Advisory
DSA-1241-1 squirrelmail -- cross-site scripting
- Date Reported: 25 Dec 2006
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2006-6142.
- More information:
Also, a workaround was made for Internet Explorer <= 5: IE will attempt to guess the MIME type of attachments based on their content, not on the MIME header sent. An attachment could pose as a 'harmless' JPEG while in fact being HTML that Internet Explorer would render.
For the stable distribution (sarge) these problems have been fixed in version 2:1.4.4-10.
For the upcoming stable distribution (etch) these problems have been fixed in version 2:1.4.9a-1.
For the unstable distribution (sid) these problems have been fixed in version 2:1.4.9a-1.
We recommend that you upgrade your squirrelmail package.
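The header-versus-content mismatch described above can be audited on stored mail by comparing each attachment's declared image type with its leading bytes. This is an added example, not SquirrelMail's or Debian's code; the marker list, the 256-byte window and the sample message are assumptions constructed for illustration.

```python
import email
from email.message import EmailMessage

# Leading bytes ("magic numbers") of the image formats checked here.
IMAGE_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}
# Tags a content-sniffing browser may take as a sign of HTML (illustrative list).
HTML_MARKERS = (b"<html", b"<head", b"<body", b"<script", b"<iframe")
SNIFF_WINDOW = 256  # assumption: number of leading bytes to inspect


def classify(declared_type, payload):
    """Return 'ok', 'mismatch' (wrong magic bytes) or 'html' (sniffable as HTML)."""
    magics = IMAGE_MAGIC.get(declared_type)
    if magics is None:
        return "ok"  # not an image type this check covers
    head = payload[:SNIFF_WINDOW]
    if any(head.startswith(m) for m in magics):
        return "ok"
    if any(marker in head.lower() for marker in HTML_MARKERS):
        return "html"
    return "mismatch"


def audit_message(raw_bytes):
    """Return (filename, declared_type, verdict) for each leaf part of a message."""
    msg = email.message_from_bytes(raw_bytes)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_filename(), part.get_content_type(),
                        classify(part.get_content_type(), payload)))
    return results


def build_sample():
    """Constructed sample: one JPEG-looking header, one HTML file labelled JPEG."""
    msg = EmailMessage()
    msg.set_content("see attachments")
    msg.add_attachment(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"<html><body>not a picture</body></html>", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()
```

A part flagged `html` or `mismatch` is a candidate for being served only as a download rather than rendered inline.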
- Fixed in:
Debian GNU/Linux 3.1 (sarge)
- Architecture-independent component:
MD5 checksums of the listed files are available in the original advisory.