squirrelmail 1.4.11 and 1.4.12 are compromised

hi,

nice to see that
1.4.13 f8 is complete
1.4.13 f9 (rawhide) is complete
http://koji.fedoraproject.org/koji/packageinfo?packageID=473

please push them asap to updates.

--------
http://squirrelmail.org/
ANNOUNCE: SquirrelMail 1.4.13 Released
Dec 14, 2007 by Jonathan Angliss
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.
----/----

http://www.heise.de/newsticker/meldung/100636


-- 
shrek-m

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list
