they mentioned that both 1.4.11 and 1.4.12 were compromised. there should be a changelog file in the squirrelmail directory that tells you what version you are running.
On Dec 18, 2007 1:26 PM, Jim Shupert, Jr. <[EMAIL PROTECTED]> wrote: > Might you tell me how I can determine what version of qmt and or > squirrelmail > we might be running? > > and what is the problem - just with squirrelmail ? > > Thanks > > j > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <qmailtoaster-list@qmailtoaster.com> > Sent: Tuesday, December 18, 2007 12:45 PM > Subject: Re: [qmailtoaster] squirrelmail packages compromised! > > > I'm using qmt-iso 1.3.1 for my install. What is the best way of updating? > > > Due to the package compromise of 1.4.11, and 1.4.12, we are forced > > to release 1.4.13 to ensure no confusions. While initial review didn't > > uncover a need for concern, several proof of concepts show that the > > package alterations introduce a high risk security issue, allowing > > remote inclusion of files. These changes would allow a remote user the > > ability to execute exploit code on a victim machine, without any user > > interaction on the victim's server. This could grant the attacker the > > ability to deploy further code on the victim's server. > > > > We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately. > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]