
Re: Squirrelmail archive compromission and version 1.4.9a-2 (in etch)

From: Nico Golde <debian-security+ml(at)ngolde.de>
Date: Mon Dec 17 2007 - 12:10:54 EST


Hi Emmanuel,
* Emmanuel Halbwachs <Emmanuel.Halbwachs@obspm.fr> [2007-12-17 17:57]:
> We run squirrelmail as our production webmail for ~ 1k users.
>
> Now we can see that the squirrelmail team has discovered that 1.4.11
> has also been compromised.

Yes that is true.

> A colleague on another list points out the fact that they have removed
> from the download archive all versions from 1.4.9 to 1.4.12.
>
> If there is suspicion on 1.4.9, I guess we can suspect the version
> currently in etch.
>
> Can somebody (maybe Thijs Kinkhorst who is a Debian Developer and
> apparently member of the squirrelmail team) enlighten us on this subject,
> please?

Have a look at: http://security-tracker.debian.net/tracker/CVE-2007-6348
No version in Debian is affected by this.

HTH
Nico

-- 
Nico Golde - 
http://www.ngolde.de - 
nion(at)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Received on Mon Dec 17 12:32:41 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:36 EDT

