[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail:[14122] trunk/squirrelmail
From:       pdontthink () users ! sourceforge ! net
Date:       2011-07-12 4:59:12
Message-ID: E1QgV3w-0003IG-Tb () sfp-svn-4 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 14122
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14122&view=rev
Author:   pdontthink
Date:     2011-07-12 04:59:12 +0000 (Tue, 12 Jul 2011)

Log Message:
-----------
Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023]

Modified Paths:
--------------
    trunk/squirrelmail/doc/ChangeLog
    trunk/squirrelmail/functions/mime.php

Modified: trunk/squirrelmail/doc/ChangeLog
===================================================================
--- trunk/squirrelmail/doc/ChangeLog	2011-07-12 04:53:35 UTC (rev 14121)
+++ trunk/squirrelmail/doc/ChangeLog	2011-07-12 04:59:12 UTC (rev 14122)
@@ -365,6 +365,7 @@
   - Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell
     plugin, and added anti-CSRF protection to the empty trash feature (thanks
     to Nicholas Carlini for finding all these issues). [CVE-2010-4555]
+  - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

Modified: trunk/squirrelmail/functions/mime.php
===================================================================
--- trunk/squirrelmail/functions/mime.php	2011-07-12 04:53:35 UTC (rev 14121)
+++ trunk/squirrelmail/functions/mime.php	2011-07-12 04:59:12 UTC (rev 14122)
@@ -2350,6 +2350,15 @@
             list($free_content, $curpos) =
                 sq_fixstyle($body, $gt+1, $message, $id, $mailbox);
             if ($free_content != FALSE){
+                $attary = sq_fixatts($tagname,
+                                     $attary,
+                                     $rm_attnames,
+                                     $bad_attvals,
+                                     $add_attr_to_tag,
+                                     $message,
+                                     $id,
+                                     $mailbox
+                                     );
                 $trusted .= sq_tagprint($tagname, $attary, $tagtype);
                 $trusted .= $free_content;
                 $trusted .= sq_tagprint($tagname, false, 2);


This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
                https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn


[prev in list] [next in list] [prev in thread] [next in thread]