Home page logo

bugtraq logo Bugtraq mailing list archives

[SM-ANNOUNCE] SquirrelMail 1.4.5 Released
From: Jonathan Angliss <jon () squirrelmail org>
Date: Wed, 13 Jul 2005 14:12:31 -0500

Hash: SHA1

Hello All,

It is my proud pleasure to announce the final release of SquirrelMail

This release is very important, and we strongly advise everybody to
update to the latest release.

Security Update
This version contains a number of security updates that were brought
to our attention via a number of sources.

Several cross site scripting exploits were uncovered by Martijn
Brinkers and have been assigned the CAN-2005-1769.

Another vulnerability was uncovered by James Bercegay, from GulfTech
Security Research, which would allow a user to craft a special page
that might permit them to overwrite other user settings.  This has
been assigned the ID CAN-2005-2095.

Further details on SquirrelMail vulnerabilities can be found at the
following address:


We strongly encourage any persons uncovering Security issues to
contact the SquirrelMail team via security () squirrelmail org 

In This Release
This release contains mostly bug fixes, including corrections for PHP
behaviour changes in file handling, and some data types.  We've also
added support for the SquirrelSpell plugin under safe_mode if using
PHP 4.3.0 or higher.  Other changes include support for Priority
headers, new Tahoma style sheets, and fixes in saving of searches.

For further information about the changes involved in this release,
please see the ChangeLog and ReleaseNotes files included with the

The latest release can be downloaded from the SquirrelMail website at

Happy SquirrelMailing
The SquirrelMail development Team
Version: GnuPG v1.4.1 (MingW32)


  By Date           By Thread  

Current thread:
  • [SM-ANNOUNCE] SquirrelMail 1.4.5 Released Jonathan Angliss (Jul 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]