Squirrelmail archive compromission and version 1.4.9a-2 (in etch)

Hello everybody,

We run squirrelmail as our production webmail for ~ 1k users.

Now we can see that the squirrelmail team has discovered that 1.4.11 have also been compromised.

A colleague on another list points out the fact that they have removed from the download archive all versions from 1.4.9 to 1.4.12.

If there is suspicion on 1.4.9, I guess we can suspect the version currently in etch.

Can somebody (maybe Thijs Kinkhorst who is a Debian Developper and apparently member of the squirrelmail team) enlight us on this subject, please?

TIA,
--

Emmanuel Halbwachs

Resp. Réseau/Sécurité                    Observatoire de Paris-Meudon
tel      : (+33)1 45 07 75 54                   5 Place Jules Janssen
fax      : (+33)1 45 07 76 13                    F 92195 MEUDON CEDEX

--

To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Received on Mon Dec 17 12:17:51 2007

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek