On Tue, Jan 26, 2010 at 10:24 AM, Thijs Kinkhorst <[email protected]> wrote: > On Mon, January 25, 2010 21:05, Florian Weimer wrote: >> * Adrian Minta: >> >>> Hi, >>> Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627 ? >> >> According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>, >> it's still vulnerable. > > Indeed. Backporting the fix for this is not trivial since it's an > architectural change. We are aware of the issue, but have not yet found > enough time to backport the changes to stable and oldstable. > > > Thijs >
It appears that squirrelmail testing packages works on lenny without some nasty dependencies. Perhaps the recommended action is to install them instead of the ones found on lenny. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
