It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages. For the oldstable distribution (sarge) this problem has been fixed in version 2:1.4.4-11. For the stable distribution (etch) this problem has been fixed in version 2:1.4.9a-2. For the unstable distribution (sid) this problem has been fixed in version 2:1.4.10a-1. We recommend that you upgrade your squirrelmail package.
It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.
For the oldstable distribution (sarge) this problem has been fixed in version 2:1.4.4-11.
For the stable distribution (etch) this problem has been fixed in version 2:1.4.9a-2.
For the unstable distribution (sid) this problem has been fixed in version 2:1.4.10a-1.
We recommend that you upgrade your squirrelmail package.
MD5 checksums of the listed files are available in the original advisory.