Re: squirrelmail SA34627

Thijs Kinkhorst
Tue, 26 Jan 2010 00:24:37 -0800

On Mon, January 25, 2010 21:05, Florian Weimer wrote:
> * Adrian Minta:
>
>> Hi,
>> Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627  ?
>
> According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>,
> it's still vulnerable.


Indeed. Backporting the fix for this is not trivial since it's an
architectural change. We are aware of the issue, but have not yet found
enough time to backport the changes to stable and oldstable.


Thijs


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to