Downloads

Download tar.gz 33.31 KB
MD5: fc6dfc1021852318a22258781f4b61d0
SHA-1: 32fb15956c73f5d87358f4fb6d81712c75f752ec
SHA-256: e41964890eb6b48482466b7e42a0cedb25a6bfdf102834029367c11252959a24
Download zip 35.45 KB
MD5: a542e11dee473e232edc6c650432e078
SHA-1: 96993d5172ad878dd358248ae79a3b1322cdfc6a
SHA-256: 4fda15fc11bb80d1271c66b24aa4620d164421f7a4a71b584ec048848a56c771

Release notes

Correct some security problems and some potential security problems reported in SA-CONTRIB-2012-154 - Basic webmail - Multiple vulnerabilities:

  • Not sufficiently sanitizing data when setting page title.
  • Storing login IDs and passwords in plain text in the data column of the users table, possibly including the users' Drupal site login ID and password.
  • Not sufficiently sanitizing data displayed from email messages.
  • Provideing a path to users who have the 'access basic_webmail' permission, and it allows them access to the all site's users' email addresses.
Created by: oadaeh
Created on: 10 Oct 2012 at 13:43 UTC
Last updated: 17 Dec 2013 at 18:33 UTC
Git tag 6.x-1.2
Security update
Unsupported

Other releases