Ubuntu
squirrelmail package

Cross site scripting in HTML filter

Bug #113725 reported by Leonel Nunez on 2007-05-10

264

	Status	Importance	Assigned to
squirrelmail (Ubuntu)	Fix Released	High	Unassigned
Dapper	Fix Released	High	Leonel Nunez
Edgy	Fix Released	High	Leonel Nunez
Feisty	Fix Released	High	Unassigned
Gutsy	Fix Released	High	Unassigned

Bug Description

Cross Site scripting in HTML filter
afected versions 1.4.0 - 1.4.9a

CVE References

2007-1262

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-10:

debdiff for fixed package Edit (23.7 KiB, text/plain)

The pbuilder was successful and the patch applied

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-10:

upstream advisory
http://www.squirrelmail.org/security/issue/2007-05-09

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-05-10:

For Gutsy, we can probably just wait for 1.4.10 to get packaged an sync from Debian.

Scott Kitterman (kitterman) on 2007-05-10

Changed in squirrelmail:
importance:	Undecided → High
status:	Unconfirmed → Confirmed
importance:	Undecided → High
status:	Unconfirmed → Confirmed

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-05-10:

Note that squirrelmail issued an updated patch to deal with a regression, so we should understand that before publishing the fix.

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-10:

regression-fix.debdiff Edit (23.8 KiB, text/plain)

pbuilder was succeful and the regression patch applied

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-05-10:

Looks good to me. Confirmed the patch has been modified successfully for the regression fix.

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-12:

html-filter-fix.debdiff Edit (21.3 KiB, text/plain)

Revision history for this message

Daniel T Chen (crimsun) wrote on 2007-05-12:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 11 May 2007 18:39:34 -0600
Source: squirrelmail
Binary: squirrelmail
Architecture: source
Version: 2:1.4.9a-1ubuntu0.1
Distribution: feisty-security
Urgency: low
Maintainer: Jeroen van Wolffelaar <email address hidden>
Changed-By: leonel <email address hidden>
Description:
squirrelmail - Webmail for nuts
Launchpad-Bugs-Fixed: 113725
Changes:
squirrelmail (2:1.4.9a-1ubuntu0.1) feisty-security; urgency=low
.
   [SECURITY]
   * functions/mime.php,
     src/compose.php,
     src/view_text.php:
     - Validate input to resolve XSS in HTML filter
     - Updated to fix regression in initial patch
     LP: #113725.
   * References:
     CVE-2007-1262
     http://www.squirrelmail.org/security/issue/2007-05-09
Files:
5fd84cf7801aa82321b15f5702c973a6 739 web optional squirrelmail_1.4.9a-1ubuntu0.
1.dsc
c494e3a735f99c07360552d68d35fc62 23563 web optional squirrelmail_1.4.9a-1ubuntu
0.1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGRRaye9GwFciKvaMRAgwgAJ9QsdTduNEL5DzaNbzzc8j4TrDDEwCdFuES
r4GZYgU99kmCJBXWomLEgts=
=YRM/
-----END PGP SIGNATURE-----

Changed in squirrelmail:
status:	Confirmed → In Progress

Revision history for this message

Kees Cook (kees) wrote on 2007-05-14:

I am confused by the attachments. :) Which is the "correct" version? "regression-fix" or "html-filter" ?

Revision history for this message

Kees Cook (kees) wrote on 2007-05-14:

#10

Debian's version (2:1.4.10a-1) has this fixed now.

Changed in squirrelmail:
status:	Confirmed → Fix Released

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-05-14: Re: [Bug 113725] Re: Cross site scripting in HTML filter

#11

It's the last attachment. I can't tell you which one it is because the new
LP hmi doesn't work on my Treo.

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-14:

#12

It's the last attachment it has the html-filter patch and the regression patch

the first 2 attachments where done by editing debian/rules
the last attachment does not have debian/rules edited

Scott Kitterman (kitterman) on 2007-05-15

Changed in squirrelmail:
assignee:	nobody → leonelnunez
importance:	Undecided → High
status:	Unconfirmed → In Progress
assignee:	nobody → leonelnunez
importance:	Undecided → High
status:	Unconfirmed → In Progress
status:	In Progress → Fix Released

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-16:

#13

debdiff for edgy Edit (31.6 KiB, text/html)

this is for edgy
pbuilder was successful and patch applied
installed and deb tested

Revision history for this message

Kees Cook (kees) wrote on 2007-05-16:

#14

Your debdiff looks good, and built fine for me. I adjusted the changelog a little, and I've sponsored the upload. :) I should have it published as soon as it's done building.

Changed in squirrelmail:
status:	In Progress → Fix Released

Revision history for this message

Leonel Nunez (leonelnunez) wrote on 2007-05-16:

#15

dapper.debdiff Edit (37.4 KiB, text/html)

this is for dapper

Revision history for this message

Kees Cook (kees) wrote on 2007-05-16:

#16

Very cool. Thanks for getting this packaged up and tested. I will have it published as soon as the build is finished. Thank you again!

Changed in squirrelmail:
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntusquirrelmail package

Cross site scripting in HTML filter

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Patches

Bug attachments

Remote bug watches

Ubuntu
squirrelmail package