squirrelmail 1.4.11 and 1.4.12 are compromised
shrek-m at gmx.de
shrek-m at gmx.de
Sat Dec 15 11:29:43 UTC 2007
hi,
nice to see that
1.4.13 f8 is complete
1.4.13 f9 (rawhide) is complete
http://koji.fedoraproject.org/koji/packageinfo?packageID=473
please push them asap to updates.
--------
http://squirrelmail.org/
ANNOUNCE: SquirrelMail 1.4.13 Released
Dec 14, 2007 by Jonathan Angliss
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.
----/----
http://www.heise.de/newsticker/meldung/100636
--
shrek-m
More information about the test
mailing list