Bug#354062: CVE-2006-0195: XSS re comments in styles
Hello Thijs On 2006-03-07 Thijs Kinkhorst wrote: I've been working on it but did not yet round it off unfortunately. I expect that within a day or two. However, previous experiences with the security team indicate that it takes them many weeks to process such a thing so that hurrying in this phase is not really useful as long as the security team isn't hurrying as well. But it's always nice if it's only them alone and not oneself who's to blame for the delay :-) (and in cases where the fix is trivial and only a few source code lines long, they can really be quick) Nevertheless, as some people are surely seriously interested in securing their sites you could upload the fixed version to e.g. http://people.debian.org/~thijs/ and mention it in this bug report. This would also have the benefit that eventual regression bugs could be detected before the Security Team issues the DSA. bye, -christian-
Bug#354062: CVE-2006-0195: XSS re comments in styles
On Fri, February 24, 2006 11:21, Christian Hammers wrote: Upstream version 1.4.6 is available now... I am aware of that. I've backported the fixes to sarge and woody, and I'll work on packaging 1.4.6 for unstable on Monday. Thijs
Bug#354062: CVE-2006-0195: XSS re comments in styles
Upstream version 1.4.6 is available now... bye, -christian-
Bug#354062: CVE-2006-0195: XSS re comments in styles
On Thu, 2006-02-23 at 11:43 +1100, Geoff Crompton wrote: Package: squirrelmail Version: 2:1.4.4-7 Severity: important The changelog at http://www.squirrelmail.org/changelog.php says for 1.4.6: - Security: MagicHTML fix for comments in styles which allowed for cross site scripting when using Internet Explorer (reported by Scott Hughes) [CVE-2006-0195]. Hello Jeff, Thanks, I'm aware of it. I'm awaiting the 1.4.6 version which is to be released any moment now. Thijs
Bug#354062: CVE-2006-0195: XSS re comments in styles
Package: squirrelmail Version: 2:1.4.4-7 Severity: important The changelog at http://www.squirrelmail.org/changelog.php says for 1.4.6: - Security: MagicHTML fix for comments in styles which allowed for cross site scripting when using Internet Explorer (reported by Scott Hughes) [CVE-2006-0195].