[Secure-testing-team] Updated packages for SquirrelMail
Thijs Kinkhorst
thijs at debian.org
Fri May 11 12:38:23 UTC 2007
Dear security team,
I've prepared updates for etch and sarge for squirrelmail, to address
CVE-2007-1262. The updated packages are here:
http://www.a-eskwadraat.nl/~kink/debian/
Please let me know whether I can upload them.
I've built the etch version with orig.tar.gz and the sarge version without. I
hope that is ok.
In the security tracker two further CVE's are both open for squirrelmail:
CVE-2006-3174, CVE-2006-3665. They both require register_globals to be on,
that's why we didn't put effort into fixing those I guess. Does anything have
to happen to these issues, or can they be marked as "done"?
thanks,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070511/39f5e70a/attachment.pgp
More information about the Secure-testing-team
mailing list