squirrelmail-1.4.8-21.AXS3

SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

Security issues fixed with this release:

• CVE-2012-2124
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

Fixed bugs:

• SquirrelMail now handles multi-line subjects properly.

• Attachments written in HTML on windows now display correctly.

• Previously e-mail messages with a UID larger than 2^31 bytes were unreadable. This has been fixed.

• A PHP script failed to assign the proper character set to requested variables and SquirrelMail could not display any e-mails. This has been fixed.

• Fixed the incorrect internationalization option located at the i18n.php file so that the GB 2312 character set works correctly.

• Fixed the spelling of the PREG_SPLIT_NI_EMPTY constant: its correct name is PREG_SPLIT_NO_EMPTY. This fixes some error messages.

• Added a note to the SquirrelMail documentation on how to set SELinux options to allow sending emails from the SquirrelMail web interface.

• SquirrelMail now complies with the RFC 2822 specification and attachments with lines longer than 998 characters can now be forwarded.

• Changed the dependencies on the php-common script so that it is now possible to install or upgrade SquirrelMail on systems using php53.