The squirrelmail site states: "We are pleased to announce the release of SquirrelMail 1.4.3. This is a very important release as there was a number of XSS issues uncovered, and resolved. Many thanks to Eyal Udassin, Roman Medina and others for reporting the issues. As the previous release contained issues, it is STRONGLY advised that all users should upgrade to the latest release."
But a more recent message from Roman Medina states: "I discovered a new XSS vuln in SquirrelMail which is quite dangerous since it could be exploited simply by sending a specially crafted mail to the victim. The victim only has to read the email in order to trigger the exploit. This bug is present in latest versions (as well as older ones)." Given the last sentence doesn't mention a version number I'm not sure if I should install version 1.43 now or wait for version 1.4.4. Cheers. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [EMAIL PROTECTED] UNIX Systems Administrator Research School of Pacific & Asian Studies Australian National University ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Phone: +61-2-6125-4160 Mobile: 0408 622 647 ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
