First, thanks very much, as others have said, for the thorough and thoughtful way you handled this situation. > Plugins Compromise > - ------------------ > During the initial announcement, we'd mentioned that we did not > believe that any of the plugins had been compromised. Further > investigation has shown that the following plugins were indeed > compromised: > > - sasql-3.2.0 > - multilogin-2.4-1.2.9 > - change_pass-3.0-1.4.0 > > Parts of these code changes attempts to send mail to an offsite > server containing passwords. We cannot establish a timeline of when > these plugins were compromised. Are you able to ascertain whether only that version of Change Password was compromised? I'm using Change Password 2.7a-1.4.x - although I don't know when I downloaded it, it was before version 3 was released - should I be concerned about its integrity? Is there a specific place I could look in its code for a possible exploit? I just want to be able to notify users if in fact there may have been a risk of passwords being compromised. Thanks, Jim ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
