Date: Thu, 26 Jul 2018 09:50:57 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Squirrelmail XSS security fix

Hi,

I recently posted info about several XSS vulns in squirrelmail to this list.

Given its upstream state I considered forking squirrelmail, though I reached out to the maintainer and he claims he's still actively working on it. I sent him a couple of patches, but they're not applied yet.

For now I'm sharing the patches I use on my own installations:
https://github.com/hannob/squirrelpatches

This contains a security fix for the known XSS issues and hopefully a few more (though I make no claims that this is safe from XSS now, I'd appreciate if others could check). It also contains patches for PHP warnings and issues with PHP 7.2.

https://sourceforge.net/p/squirrelmail/bugs/2831/

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42