Hanno Böck has posted patches for XSS and PHP issues:
You're the registered maintainer, David ;-)
@David: I've had a look into the fixes. Do you still use squirrelmail?
From my perspektive, I would say, we can apply these changes.
Hi Marc. I don't think I've used it in 16 years. You can apply the fixes if you don't mind.
Updated squirrelmail packages fix XSS-security vulnerability:
It was discovered that some special tags have not been filtered accordingly which can be used for an XSS-attack.
Updated packages in core/updates_testing:
MGA6-32 MATE in Dutch on IBM Thinkpad R50e
At installation I expected that selecting squirrelmail this would draw in the nl language pack automatically as other packages do. I had to do it manually, but even then squirrelmail displays in pure English.
Googling learned me that I had to change the Display preferences in the squirrelmail "Options" page.
Followed Brian'lead in bug 22793 Comment 6.
Created an additional user squitest on the system, initiated the folders and files on this and my regular user as shown, and I have been able to send and reply mail between these two users.
OK for me.
mga6-64 xfce in US English on VBOX
Installed as per instructions in bug 22793 Comment 6.
created new user and Emailed back and forth in local host.
Working as far as I can tell.
With OKs in both arches, this looks good to go to me. Validating. Suggested advisory in comment 4.
An update for this issue has been pushed to the Mageia Updates repository.