http://blog.gmane.org/gmane.mail.squirrelmail.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.mail.squirrelmail.announce/38 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ Thijs Kinkhorst 2008-05-23T17:56:27 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/37 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ Thijs Kinkhorst 2008-05-12T18:39:48 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/36 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. Package MD5s ============ 1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2 51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip We apologies for the inconvenience this may have caused. - -- Happy SquirrelMailing! The SquirrelMail Development Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHYtKBK4PoFPj9H3MRAjiUAKDxM5V8J6vLEUAn7dfiIa1HYwKIWQCfYTbA 3nk8LOfqcBHfZ3IvEOXoOCo= =USb7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace Jon Angliss 2007-12-14T18:59:08 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/35 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, It has been brought to our attention that the MD5 sums for the 1.4.12 package were not matching the actual package. We've been investigating this issue, and uncovered that the package was modified post release. This was believed to have been caused by a compromised account from one of our release maintainers. Further investigations show that the modifications to the code should have little to no impact at this time. Modifications seemed to be based around a PHP global variable which we cannot track down. The changes made will most likely generate an error, rather than a compromise of a system in the event the code does get executed. Original packages, stored on secure media, have been restored to the Sourceforge download servers, and additional signatures for the packages are now available on the SquirrelMail download page at http://www.squirrelmail.org/download.php While we believe the changes made should have little impact, we strongly recommend everybody that has downloaded the 1.4.12 package after the 8th December, to redownload the package. The code modifications did not made it into our source control, just the final package. We are currently investigating older packages to see if they were also compromised. Once again, the original package MD5s are: ea5e750797628c9f0f247009f8ae0e14 squirrelmail-1.4.12.tar.bz2 d17c1d9f1ee3dde2c1c21a22fc4f9d0e squirrelmail-1.4.12.tar.gz 3f6514939ea1ebf69f6f8c92781886ab squirrelmail-1.4.12.zip We apologies for the inconvenience this may have caused. For any further issues, please contact myself, or the security list security< at >squirrelmail.org - -- Happy SquirrelMailing! The SquirrelMail Development Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHYWKoK4PoFPj9H3MRAjfTAKC0EFUlROK6RLvKy/jdfFjrl3t3hACcDc77 XBPILcvZEu4nNbemwxU8j1I= =FJzo -----END PGP SIGNATURE----- ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace Jon Angliss 2007-12-13T16:49:40 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/34 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, It's my pleasure to announce the release of SquirrelMail 1.4.12. This release is a bug fix release, including a critical bug in the handling of attachments. The latest release can be downloaded from the SquirrelMail website at http://www.squirrelmail.org/download.php Package md5sums =============== ea5e750797628c9f0f247009f8ae0e14 squirrelmail-1.4.12.tar.bz2 d17c1d9f1ee3dde2c1c21a22fc4f9d0e squirrelmail-1.4.12.tar.gz 3f6514939ea1ebf69f6f8c92781886ab squirrelmail-1.4.12.zip - -- Happy SquirrelMailing! The SquirrelMail development team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHVjr7K4PoFPj9H3MRAu0ZAJwOOSZ7pog6I3ydQXPWod+xiHZA/wCgg4AL TFxQQ53Vaph8FsLf6LskKMY= =6DYd -----END PGP SIGNATURE----- ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 Jon Angliss 2007-12-05T05:45:25 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/33 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ Thijs Kinkhorst 2007-09-29T08:24:35 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/32 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ Thijs Kinkhorst 2007-05-10T09:09:07 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/31 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ Thijs Kinkhorst 2007-05-09T15:34:12 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/30 The SquirrelMail Project Team released the new translation packages for SquirrelMail 1.4.9 and 1.4.9a. You can download packages at the SquirrelMail site <http://www.squirrelmail.org/download.php>. Checksums of main packages: MD5 sums: eaa0e8835b8d7d451500aad907c22e24 all_locales-1.4.9-20070106.tar.bz2 1bc96d64a6d7904d454540209534c10a all_locales-1.4.9-20070106.tar.gz c12e2b4615cdcf9e0bf60b00b71f121a all_locales-1.4.9-20070106.zip b59be8696cbdb05a7684f8a53466e8b8 locales-1.4.9-20070106-src.tar.bz2 b2742f9a0030df68c0918a2ed604cbe8 locales-1.4.9-20070106-src.tar.gz 884775cdfdc01e07c6d590a13d278b2e locales-1.4.9-20070106-src.zip SHA1 sums: d187a9b77384b398a0945f51aaaf248379fdfa15 all_locales-1.4.9-20070106.tar.bz2 718fc4bfa9504f169f2e8498e84e1bc1831e50e6 all_locales-1.4.9-20070106.tar.gz f36c91691a948e742b32e90c821e647f3ab462be all_locales-1.4.9-20070106.zip 3cf37fd93ec81c9a694617dc20781434564d17a7 locales-1.4.9-20070106-src.tar.bz2 8d1b4bfdca2a157e5f424b7ec1cace6f6a33540b locales-1.4.9-20070106-src.tar.gz 817a8f8c6eb3b19e0919ce8130d4b0de50f6fb5f locales-1.4.9-20070106-src.zip ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV Fredrik Jervfors 2007-01-06T19:02:27 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/29 Hello All, The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.9a. This version is a security release. The day after we released SquirrelMail 1.4.9 new cross site scripting issues were reported and immediately fixed. Therefor the decision to release 1.4.9a so short after the 1.4.9 release. 1.4.9 and 1.4.9a is addressing the following problems since 1.4.8: - Some security fixes (see below) - Small enhancements - A collection of bugfixes (see ChangeLog) Security issues =============== This release addresses security issues found since the release of 1.4.8: Cross site scripting via malicious input the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and via a shortcoming in the magicHTML filter. This is CVE-2006-6142. Thanks for Martijn Brinkers for his continued research that uncovered these issues. We've also changed SquirrelMail attachment handling to work around an issue in Internet Explorer: the browser will attempt to guess the MIME type of attachments based on content, not the MIME header we send. Attachments could fake to be an 'harmless' image/jpeg, while they were in fact HTML that Internet Explorer would render. After release 1.4.9 Martijn Brinkers again discovered new cross site scripting issues in the magicHtml filter. The new discovered security issues have to do with the wide intepretation of the words expression and url by IE browsers. As second issue Martijn Brinkers that the < at >import statement in stylesheets could be misused. Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/ Package md5sums =============== 3adf66bfe2e816ba8375cf811d8ef3f6 squirrelmail-1.4.9a.tar.bz2 5b19f8cc5badef91d1f2410df41564bc squirrelmail-1.4.9a.tar.gz a9e108418b0a42763a1d29a267fa7168 squirrelmail-1.4.9a.zip Download at: http://www.squirrelmail.org/download.php Happy SquirrelMailing! Marc Groot Koerkamp 2006-12-04T01:25:21 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/28 All, Minor typo: This release is version 1.4.9 of course, not 1.4.7. It addresses issues contained in version 1.4.8 and lower. :-) Happy Squirreling! Paul Lesniewski SquirrelMail Project Team ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV Paul Lesniewski 2006-12-02T22:23:03 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/27 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV Thijs Kinkhorst 2006-12-02T15:48:45 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/26 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, The SquirrelMail Project Team released new translation packages for SquirrelMail 1.4.8 version. You can find packages on SquirrelMail site (http://www.squirrelmail.org/download.php). Checksums of main packages MD5 sums: f8a042fd6b3ea68a3da49c3398224205 all_locales-1.4.8-20060903.tar.bz2 9663541d129cc00e57fac7a92378122b all_locales-1.4.8-20060903.tar.gz aea1c0a6211da5469286abc37b62a044 all_locales-1.4.8-20060903.zip 9874e86a4e2144b25d351267a8de52fd locales-1.4.8-20060903-src.tar.bz2 e185991a28949e57faee45035ecc1b38 locales-1.4.8-20060903-src.tar.gz 7cb23b64aa2bed299c1055693f517bd6 locales-1.4.8-20060903-src.zip SHA1 sums: dcfe8084c99033e12da7b813cb83fd757af7b0b6 all_locales-1.4.8-20060903.tar.bz2 5d1df8a6cefe1700b5e4c955ea93df424d11830f all_locales-1.4.8-20060903.tar.gz b698a826a7d7a62a8545b07bfd204476fc6bf5fc all_locales-1.4.8-20060903.zip 7d40e00d72a72b1b39110672e25a66c5e59040cf locales-1.4.8-20060903-src.tar.bz2 2660d6bb9d346c47fa082806ba34594b02b8a572 locales-1.4.8-20060903-src.tar.gz ed9520dedf7cf271c54de4a3cd5f625a1a490d4c locales-1.4.8-20060903-src.zip - -- Tomas Kuliavas The SquirrelMail Internationalization Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFE+xuRaYoxl8XwnvYRAsOhAKCWHwhwxm85cgwtd4/tCI3nu/iGDwCgweZn ad511ltHHlx1zojrcugqRuY= =HYJS -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Tomas Kuliavas 2006-09-03T18:14:42 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/25 ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Thijs Kinkhorst 2006-08-11T12:26:09 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/24 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello All, The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.7. This version is a maintenance release, addressing the following problems since 1.4.6: - - Minor security fixes (see below) - - A lot of bugfixes (see ChangeLog) - - Added support for Ukrainian Security issues =============== This release addresses two different security issues found since the release of 1.4.6, which we consider to be of minor severity, but they have of course been fixed: - - It was possible to include a local file through functions/plugin.php with register_globals enabled, and magic_quotes disabled. However, running with register_globals enabled is completely unnecessary and a well-known security hazard. We've now changed the code such that when register_globals is enabled, all globals are deregistered. Reported by Denix Solutions, thanks! - - It was possible to steal a cookie of a user that ran on the same base domain. Since this setup is already inherently insecure we don't think the impact is big, but the code was of course fixed to also incorporate the path to SquirrelMail. Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/ We strongly encourage any persons uncovering security issues to contact the SquirrelMail team via security <at> squirrelmail.org. Package md5sums =============== 08301f14d71e4452e93f21b5e6747a4a squirrelmail-1.4.7.tar.bz2 f53c91d7799cd8fd9d0550f2cc7a8815 squirrelmail-1.4.7.tar.gz 32688d817c6dc537ea8d3b9e84f47d4c squirrelmail-1.4.7.zip 4b78f4612ef0a68e5a81a818a113497c all_locales-1.4.7-20060702.tar.bz2 d89415a37ebb83e5910a8f7b3219a0be all_locales-1.4.7-20060702.tar.gz 18cb3083488f26cd7e99daf16a497fc1 all_locales-1.4.7-20060702.zip - -- Tomas Kuliavas The SquirrelMail Project Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEqst2aYoxl8XwnvYRAj02AJ0YiYIzdrh9VQTh7FdP76VEgUjO3QCfVwaL wy4ixnh6UorXuNwpQLZisgE= =VA8Q -----END PGP SIGNATURE----- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 Tomas Kuliavas 2006-07-04T20:11:35 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/23 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, The SquirrelMail Project Team released new translation packages for SquirrelMail 1.4.6 version. You can find packages on SquirrelMail site (http://www.squirrelmail.org/download.php). Information about main updates: * added Ukrainian translation by Serhij Dubyk * fixed some Japanese and French translation strings * updated Geogian and Norwegian Nynorsk translations * updated some plugin translations Ukrainian translation needs some modification in stock SquirrelMail 1.4.6 functions/i18n.php file. Modified file and patch are included in package. Checksums of main packages MD5 sums: * 24528f477061400d2b457be2ee819c69 all_locales-1.4.6-20060409.tar.bz2 * 70508bf22c320103beef344591e28973 all_locales-1.4.6-20060409.tar.gz * 8cf2b7209c4c5be75418addf23440114 all_locales-1.4.6-20060409.zip * 59bf0e99dd0e57d0329e9eacb679a83c locales-1.4.6-20060409-src.tar.bz2 * ddd0e3245683ba44211d9ea49681cba1 locales-1.4.6-20060409-src.tar.gz * f406db532ecc6a09155580da9beebf39 locales-1.4.6-20060409-src.zip SHA1 sums: * 4a6b748d4558c516a0c65b6889ce4ab32876a7eb all_locales-1.4.6-20060409.tar.bz2 * 5f369e0ac3e02f265854363281ec341e4dd1a356 all_locales-1.4.6-20060409.tar.gz * 8c6989b7f0059f44c6959f70ab6e913b7c1d7f29 all_locales-1.4.6-20060409.zip * 086c206cc0d6793c966a426d6daea8d4a2e23bbe locales-1.4.6-20060409-src.tar.bz2 * 2434dcd5ca2cffc4c82c5c121f58f10386116320 locales-1.4.6-20060409-src.tar.gz * 8bf924a86b852cbba94dc01aaa2cebd6168d1a0a locales-1.4.6-20060409-src.zip - -- Tomas Kuliavas The SquirrelMail Internationalization Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEOpqEaYoxl8XwnvYRAm7sAKCyXhoI83Z42ljbh/i6e4IOJn+ykQCfTBX7 z/uhtWCNVlrlVoayTonXQ3I= =Yigg -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 Tomas Kuliavas 2006-04-10T17:48:53 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/22 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, The SquirrelMail Project Team released new translation packages for SquirrelMail 1.5.1 version. You can find packages on SquirrelMail site (http://www.squirrelmail.org/download.php). Checksums of main packages MD5 sums: * 739e6e1f29a8e3177b083c1971bbe358 all_locales-1.5.1-20060409.tar.bz2 * 32946a396a96c3e2c6619d07f66c2743 all_locales-1.5.1-20060409.tar.gz * c5ec37cb53047582d6cbcf181a758195 all_locales-1.5.1-20060409.zip * 3265012a6f8746d5a1949fbb3ec4a87a locales-1.5.1-20060409-src.tar.bz2 * a1ebe91fa403dc2451c0ee8d9d9408e6 locales-1.5.1-20060409-src.tar.gz * f05e444c769825831c75048d62669b74 locales-1.5.1-20060409-src.zip SHA1 sums: * 74c5321f5269f980e7e7adb33b376a0637798e9f all_locales-1.5.1-20060409.tar.bz2 * 150aed5c7b27009c6a0073a44cb6fa0a9fcf3561 all_locales-1.5.1-20060409.tar.gz * cb2b972ade07abd78c8ad4bb22b45135c803ac04 all_locales-1.5.1-20060409.zip * a1a7c8d348e5c67c1e9b3688d8d2f36fc8167bcf locales-1.5.1-20060409-src.tar.bz2 * 00b19f6189aab6e68af54013fa88388b40a754a6 locales-1.5.1-20060409-src.tar.gz * cbf77ba11d89ba647d8f3ce732f875199ce797e6 locales-1.5.1-20060409-src.zip - -- Tomas Kuliavas The SquirrelMail Internationalization Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEOpUJaYoxl8XwnvYRAu+eAKCdLuR7PnFSCTfawiAAs3CNS73NZwCgupHf Tv8/SElWxOUUay8Jlmiysfs= =qINo -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 Tomas Kuliavas 2006-04-10T17:25:29 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/21 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, The SquirrelMail Project Team released translation packages for SquirrelMail 1.4.6 version. You can find packages on SquirrelMail site (http://www.squirrelmail.org/download.php). Checksums of main packages MD5 sums: * 29dfec2e0f71fba368a89c36c51881c2 all_locales-1.4.6-20060221.tar.bz2 * d80e36431440eafdbc3142dd71811b5a all_locales-1.4.6-20060221.tar.gz * 5f934b7cdee22042bc2fef6178ec5135 all_locales-1.4.6-20060221.zip * 55964cd68f93dd2fe0eba19e1d2b6b0b locales-1.4.6-20060221-src.tar.bz2 * 0dfa7bc01e77d5eec9aba176b1465025 locales-1.4.6-20060221-src.tar.gz * eb3e17ac4f1141b3fd04a108c7a21e6e locales-1.4.6-20060221-src.zip SHA1 sums: * 110dbcd216005138fd8415b569b5b93fb929977e all_locales-1.4.6-20060221.tar.bz2 * 5c53ed7fc3b3a8ae0521e48ad70455eb500d0ae9 all_locales-1.4.6-20060221.tar.gz * 74e79ef72b3e9f8fcdadccf1cfb0802d4c485c5a all_locales-1.4.6-20060221.zip * b6a0c19834a54de2e42428207ddb258b5e1fcfa4 locales-1.4.6-20060221-src.tar.bz2 * c68aa1612d730077889379b5f35b1e7e5d3b40ab locales-1.4.6-20060221-src.tar.gz * 27105602db65cc289aafdfa475053d2b78c7e2ad locales-1.4.6-20060221-src.zip - -- Tomas Kuliavas The SquirrelMail Internationalization Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFD/1UGaYoxl8XwnvYRAvm8AKCJ3OiAcF1BR4zB2gpUUHBWKEttYQCbB2lu 6wYDlK3wftewrxAMEYuenbk= =LvX5 -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 Tomas Kuliavas 2006-02-24T18:48:39 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/20 Hello All, It is my proud pleasure to announce the final release of SquirrelMail 1.4.6. This release is very important, and we strongly advise everybody to update to the latest release. Security Update =============== This version contains a number of security updates that were brought to our attention via a number of sources. - In webmail.php, the right_frame parameter was not properly sanitized to deal with very lenient browsers, which allowed for cross site scripting or frame replacing. [CVE-2006-0188] - In the MagicHTML function, some very obscure constructs were discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy concern), and comments could be inside keywords (allows for cross site scripting). Both only affect Internet Explorer users. Found by Martijn Brinkers and Scott Hughes. [CVE-2006-0195] - The function sqimap_mailbox_select did not strip newlines from the mailbox parameter, and thereby allowed for IMAP command injection. Found by Vicente Aguilera. [CVE-2006-0377] Further details on SquirrelMail vulnerabilities can be found at the following address: http://www.squirrelmail.org/security/ We strongly encourage any persons uncovering Security issues to contact the SquirrelMail team via security< at >squirrelmail.org. In This Release =============== This release contains mostly bug fixes, including corrections for PHP behaviour changes in file handling, and some data types. Especially running SquirrelMail on the most recent PHP versions should be much improved. For further information about the changes involved in this release, please see the ChangeLog and ReleaseNotes files included with the release. The latest release can be downloaded from the SquirrelMail website at http://www.squirrelmail.org/download.php Happy SquirrelMailing The SquirrelMail development Team Thijs Kinkhorst 2006-02-23T22:01:59 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/19 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, The SquirrelMail Project Team released translation packages for SquirrelMail 1.5.1 version. You can find packages on SquirrelMail site (http://www.squirrelmail.org/download.php). Checksums of main packages MD5 sums: * ea311416ba9a96352a0728f5a7611102 all_locales-1.5.1-20060219.tar.bz2 * 10d7e98bfacb3f000e7402ea8e19368e all_locales-1.5.1-20060219.tar.gz * e2860bb07371764e8696ca46694eecc1 all_locales-1.5.1-20060219.zip * 1e20ae4b083decc33057dab44676dc87 locales-1.5.1-20060219-src.tar.bz2 * 9d456578819212263185c77997023e82 locales-1.5.1-20060219-src.tar.gz * 7ab7255ba2074e32a337723e6f951d63 locales-1.5.1-20060219-src.zip SHA1 sums: * 77d2f0f4328ff546076181fa5c54b64ce8994888 all_locales-1.5.1-20060219.tar.bz2 * 0bd8fa9db4712235d358640d1b5999b4db67bb77 all_locales-1.5.1-20060219.tar.gz * 0f5f3b077bbd729aa3733d67bf2ed107b9eb0a8f all_locales-1.5.1-20060219.zip * 268cedbda5cce88521b354babd70aaa079455518 locales-1.5.1-20060219-src.tar.bz2 * 90317abccc3a44ae493cbed35d11855a09dd701e locales-1.5.1-20060219-src.tar.gz * f6d62a78afef392be00d4de96329e10e065cd660 locales-1.5.1-20060219-src.zip - - -- Tomas Kuliavas The SquirrelMail Internationalization Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFD+IgFaYoxl8XwnvYRAgY5AJ9PINdBAD1UvMS35CwK0SUa+a0W4QCeOkKO viriavY8gN9HgvK0m9LGuPw= =+0AE -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 Tomas Kuliavas 2006-02-19T15:00:21 http://permalink.gmane.org/gmane.mail.squirrelmail.announce/18 Hello List, The SquirrelMail Team is proud to announce the release of SquirrelMail 1.5.1! This is the second release of the development 1.5.x series. This release contains many updates like improved performance, PHP5 support, interface tweaks and preliminary template support. For more info see the release notes (http://sourceforge.net/project/shownotes.php?group_id=311&release_id=394739). To grab your copy, go to http://www.squirrelmail.org/download.php. Regards, Marc Groot Koerkamp Squirrelmail Development Leader. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 Marc Groot Koerkamp 2006-02-19T13:26:12 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.mail.squirrelmail.announce