All, Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. Package MD5s ============ 1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2 51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip We apologies for the inconvenience this may have caused. -- Happy SquirrelMailing! The SquirrelMail Development Team
Attachment:
pgpJN5Rb56S9y.pgp
Description: PGP signature
------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
