> > Modifications seemed to be > > based around a PHP global variable which we cannot track down. > > Actually I don't understand what this means... What do you mean "cannot track down"? It means that we couldn't find any reference to it in a doc or anywhere else online. However, we have since become aware of how this variable might be created. > What diff do you see between the compromised version and > the one that is there now? I see only a comment diff in one file. it was a small block of code that checks for a $_SERVER var. If that var was present, it would redefine SM_PATH. Under normal circumstances, this would never be executed, but we have since learned how to make it execute. Please upgrade to 1.4.13. :-) ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
