-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : squirrelmail Version : 2:1.4.23~svn20120406-2+deb7u2 CVE ID : CVE-2018-8741 Debian Bug : 893202
Florian Grunow and Birk Kauer of ERNW discovered a path traversal vulnerability in SquirrelMail, a webmail application, allowing an authenticated remote attacker to retrieve or delete arbitrary files via mail attachment. For Debian 7 "Wheezy", these problems have been fixed in version 2:1.4.23~svn20120406-2+deb7u2. We recommend that you upgrade your squirrelmail packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEuBAEBCAAYBQJa1GE+ERx0aGlqc0BkZWJpYW4ub3JnAAoJEFb2GnlAHawEzF0H /R/IJ/cjFvln0uARSOwGxheouRFgbsReQsuvZYMQEvUTZc1EtSYSLx/iVSjgGmqn TTHVcNHhozykyli/Rt6iswTd9jSC12Dg9BoA2fa/IpSWKy4Atz0HHIsFx2wXIzjl e+GJUYFUr/hw3mOekBK1a6o1nj7NNe6/PKBXWhp1+bmoEgBRwaDjY+FMB33i63OJ ySM+hhjzjXcg8THR/sm/3nbxiXPXxPr9xu5lgeXrCFxFB6r++bnp8PvPtDnf/deF c83wauQdlp0+CAOK3m53e4BENrQ1ORDJqOaE/75cW07faZCz0gWSZcV9leXDQ4yD PPnO832+OoN8E2jLiYGoDDY= =DfRJ -----END PGP SIGNATURE-----