SqWebMail Email Header HTML Injection Vulnerability

SqWebMail Email Header HTML Injection Vulnerability

Solution:
The vendor has released version 4.0.5 dealing with this issue. Users of affected packages are urged to upgrade.

Debian has released an advisory (DSA 533-1) to address this issue. Please see the referenced advisory for more information.

Inter7 SqWebMail 4.0.4 .20040524

Debian courier-authdaemon_0.37.3-2.5_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/courier/courier-authdae mon_0.37.3-2.5_arm.deb

Debian courier-doc_0.37.3-2.5_all.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.3 7.3-2.5_all.deb

Inter7 sqwebmail-4.0.5.tar.bz2
http://prdownloads.sourceforge.net/courier/sqwebmail-4.0.5.tar.bz2