-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : squirrelmail Version : 2:1.4.23~svn20120406-2+deb7u1 CVE ID : CVE-2017-7692
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server. For Debian 7 "Wheezy", these problems have been fixed in version 2:1.4.23~svn20120406-2+deb7u1. We recommend that you upgrade your squirrelmail packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkZcfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTI8BAAxgeEHmPwW+tjdrxemH1TCbGnOEHl6RMhTey7Nbc7Ka3nGoXMCM+D+4Ag MqKKsHL/A8xvBGlH365CB1e9LeoNG14aCUJGdG3bGhrm8bJmA/dJWuzLmhaUdVVe k6F4Lw/Lwy9jWbphFs4sx7qs+azmfxBx3VjFQO1Wg2B3UbcM825l/RtWvcRDNPf7 /A/nOjBFOZ4mH1CnqiHUXZ7p7lKqT1va/dJfufPoAvb6jufpMM/n7Cstti+4/0a7 jwbizQmXdxMzrvoajyPxx34qgA4QxiqotgoumX82mMdAckD/wWzbUQVbA0LOOaIY 1YEWSZm2OJON/N1qFBLvYVb/fx3Q0Q0OAPPgyqrAJQMK0GTej/6k7zf7pCXb31cb muA9Gktumvk7ZHIAgdlsZDsb0iiKo1AkkqXNTI0vC2fSGsBTWKi9ppSA0gnAmP/q 2kFPQjAMu6+4gk1w9gw7zKlqhM73UAtY8p2aDNzu6gGDziuvsY9pX3Ha08QHd1Ew x76X9x5ypCWid9zd/JtQsY0bxFQLLHYKKdOGO+uQL76SuIVR/LREcO1JA/NmNECG QyNd/GPZFBvHtaXU1rCxv1QicR1QGc3pzKP4rQHrD+JyKR/jVO6H7ZBkSI7tZQTI TVoFGXu6w5osOHlkdHWKavVfNhzYIQPFB0+p3ZA0A+E9Sc1EEa8= =ZZ3j -----END PGP SIGNATURE-----
