SquirrelMail From Email Header HTML Injection Vulnerability

SquirrelMail From Email Header HTML Injection Vulnerability

Solution:
Debian has released security advisory DSA 535-1 with fixes to address this issue.

The vendor has released upgrades dealing with this issue.

Conectiva has released a security advisory (CLA-2004:858) to address multiple issues in squirrelmail. Please see the referenced advisory for more information.

SquirrelMail SquirrelMail 1.2 .0

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php

SquirrelMail SquirrelMail 1.2.1

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php

SquirrelMail SquirrelMail 1.2.2

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php

SquirrelMail SquirrelMail 1.2.3

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php

SquirrelMail SquirrelMail 1.2.4

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php

SquirrelMail SquirrelMail 1.2.5

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php

SquirrelMail SquirrelMail 1.2.6

Conectiva squirrelmail-1.4.3a-13677U90_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squirrelmail-1.4.3a-13677U9 0_1cl.noarch.rpm

Conectiva squirrelmail-doc-1.4.3a-13677U90_1cl.noarch.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/squirrelmail-doc-1.4.3a-136 77U90_1cl.noarch.rpm

Debian squirrelmail_1.2.6-1.4_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma il_1.2.6-1.4_all.deb

SquirrelMail squirrelmail-1.4.3.tar.gz
http://www.squirrelmail.org/download.php