This bug was fixed in the package squirrelmail - 2:1.4.15-3ubuntu0.3
---------------
squirrelmail (2:1.4.15-3ubuntu0.3) intrepid-security; urgency=low
* SECURITY UPDATE: (LP: #396306)
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://squirrelmail.org/security/issue/2009-05-10
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
-- Andreas Wenning <[email protected]> Tue, 07 Jul 2009 02:48:17 +0200
** Changed in: squirrelmail (Ubuntu Jaunty)
Status: Fix Committed => Fix Released
--
[CVE-2009-1381] Incomplete fix for CVE-2009-1579
https://bugs.launchpad.net/bugs/396306
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
