Might you tell me how I can determine what version of qmt and or
squirrelmail
we might be running?
and what is the problem - just with squirrelmail ?
Thanks
j
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Tuesday, December 18, 2007 12:45 PM
Subject: Re: [qmailtoaster] squirrelmail packages compromised!
I'm using qmt-iso 1.3.1 for my install. What is the best way of updating?
Due to the package compromise of 1.4.11, and 1.4.12, we are forced
to release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
