List: oss-security
Subject: [oss-security] Squirrelmail XSS security fix
From: Hanno Böck <hanno () hboeck ! de>
Date: 2018-07-26 7:50:57
Message-ID: 20180726095057.796664f1 () computer
Hi,

I recently posted info about several XSS vulns in squirrelmail [1] to
this list.

Given its upstream state I considered forking squirrelmail, though I
reached out to the maintainer and he claims he's still actively working
on it. I sent him a couple of patches, but they're not applied yet.

For now I'm sharing the patches I use on my own installations:
https://github.com/hannob/squirrelpatches

This contains a security fix for the known XSS issues and hopefully a
few more (though I make no claims that this is safe from XSS now, I'd
appreciate if others could check). It also contains patches for PHP
warnings and issues with PHP 7.2.

[1] https://sourceforge.net/p/squirrelmail/bugs/2831/
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42