Information on source package squirrelmail

Available versions

ReleaseVersion
wheezy2:1.4.23~svn20120406-2
wheezy (security)2:1.4.23~svn20120406-2+deb7u1
jessie2:1.4.23~svn20120406-2
jessie (security)2:1.4.23~svn20120406-2+deb8u1

Resolved issues

BugDescription
CVE-2017-7692SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) ...
CVE-2012-2124functions/imap_general.php in SquirrelMail, as used in Red Hat ...
CVE-2011-2753Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2011-2752CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...
CVE-2011-2023Cross-site scripting (XSS) vulnerability in functions/mime.php in ...
CVE-2010-4555Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...
CVE-2010-4554functions/page_header.php in SquirrelMail 1.4.21 and earlier does not ...
CVE-2010-2813functions/imap_general.php in SquirrelMail before 1.4.21 does not ...
CVE-2010-1637The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...
CVE-2009-2964Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2009-1581functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...
CVE-2009-1580Session fixation vulnerability in SquirrelMail before 1.4.18 allows ...
CVE-2009-1579The map_yp_alias function in functions/imap_general.php in ...
CVE-2009-1578Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...
CVE-2009-1381The map_yp_alias function in functions/imap_general.php in ...
CVE-2009-0030A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...
CVE-2008-3663Squirrelmail 1.4.15 does not set the secure flag for the session ...
CVE-2008-2379Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...
CVE-2007-6348SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net ...
CVE-2007-2589Cross-site request forgery (CSRF) vulnerability in compose.php in ...
CVE-2007-1262Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...
CVE-2006-6142Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...
CVE-2006-4019Dynamic variable evaluation vulnerability in compose.php in ...
CVE-2006-3665SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...
CVE-2006-3174Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...
CVE-2006-2842** DISPUTED ** ...
CVE-2006-0377CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...
CVE-2006-0195Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...
CVE-2006-0188webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...
CVE-2005-2095options_identities.php in SquirrelMail 1.4.4 and earlier uses the ...
CVE-2005-1769Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...
CVE-2005-0152PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...
CVE-2005-0104Cross-site scripting (XSS) vulnerability in webmail.php in ...
CVE-2005-0103PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...
CVE-2005-0075prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...
CVE-2004-1036Cross-site scripting (XSS) vulnerability in the decoding of encoded ...
CVE-2004-0639Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...
CVE-2004-0521SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...
CVE-2004-0520Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...
CVE-2004-0519Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...
CVE-2003-0990The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...
CVE-2003-0160Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...
CVE-2002-1650The spell checker plugin (check_me.mod.php) for SquirrelMail before ...
CVE-2002-1649Cross-site scripting (XSS) vulnerability in read_body.php in ...
CVE-2002-1648Cross-site request forgery (CSRF) vulnerability in compose.php in ...
CVE-2002-1341Cross-site scripting (XSS) vulnerability in read_body.php for ...
CVE-2002-1276An incomplete fix for a cross-site scripting (XSS) vulnerability in ...
CVE-2002-1132SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...
CVE-2002-1131Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...

Security announcements

DSA / DLADescription
DLA-941-1squirrelmail - security update
DSA-3852-1squirrelmail - security update
DSA-2291-1squirrelmail - various issues
DSA-2291-1squirrelmail - various issues
DSA-2091-1squirrelmail - cross-site request forgery
DSA-1802-2squirrelmail - incomplete fix
DSA-1802-2squirrelmail - incomplete fix
DSA-1802-1squirrelmail - several vulnerabilities
DSA-1802-1squirrelmail - several vulnerabilities
DSA-1682-1squirrelmail - cross site scripting
DSA-1290-1squirrelmail
DSA-1290-1squirrelmail
DSA-1241-1squirrelmail
DSA-1154squirrelmail - variable overwriting
DSA-988-1squirrelmail - several
DSA-988-1squirrelmail - several
DSA-756-1squirrelmail - several
DSA-756-1squirrelmail - several
DSA-662-1squirrelmail - several
DSA-535squirrelmail - several vulnerabilities
DSA-220squirrelmail - cross site scripting
DSA-191squirrelmail - cross site scripting

Search for package or bug name: Reporting problems