debian-security  

Re: squirrelmail SA34627

Adrian Minta
Tue, 26 Jan 2010 08:19:11 -0800

Thijs Kinkhorst wrote:
> On Mon, January 25, 2010 21:05, Florian Weimer wrote:
>> * Adrian Minta:
>>
>>> Hi,
>>> Does squirrelmail 1.4.15-4+lenny2 have fixes for SA34627?
>>
>> According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>,
>> it's still vulnerable.
>
> Indeed. Backporting the fix for this is not trivial since it's an
> architectural change. We are aware of the issue, but have not yet found
> enough time to backport the changes to stable and oldstable.
>
> Thijs

However, squirrelmail 1.4.20~rc2-1 is not free of bugs. I just found one related to the search function:
http://tinyurl.com/y86t957


