[SECURITY] [DLA 941-1] squirrelmail security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 941-1] squirrelmail security update
From: Markus Koschany <apo@debian.org>
Date: Mon, 15 May 2017 11:16:36 +0200
Message-id: <[🔎] 03b6cd07-8c10-98ae-08d8-2ab2adf0f89b@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : squirrelmail
Version        : 2:1.4.23~svn20120406-2+deb7u1
CVE ID         : CVE-2017-7692

Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a
webmail application, incorrectly handled a user-supplied value. This
would allow a logged-in user to run arbitrary commands on the server.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.4.23~svn20120406-2+deb7u1.

We recommend that you upgrade your squirrelmail packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkZcfRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTI8BAAxgeEHmPwW+tjdrxemH1TCbGnOEHl6RMhTey7Nbc7Ka3nGoXMCM+D+4Ag
MqKKsHL/A8xvBGlH365CB1e9LeoNG14aCUJGdG3bGhrm8bJmA/dJWuzLmhaUdVVe
k6F4Lw/Lwy9jWbphFs4sx7qs+azmfxBx3VjFQO1Wg2B3UbcM825l/RtWvcRDNPf7
/A/nOjBFOZ4mH1CnqiHUXZ7p7lKqT1va/dJfufPoAvb6jufpMM/n7Cstti+4/0a7
jwbizQmXdxMzrvoajyPxx34qgA4QxiqotgoumX82mMdAckD/wWzbUQVbA0LOOaIY
1YEWSZm2OJON/N1qFBLvYVb/fx3Q0Q0OAPPgyqrAJQMK0GTej/6k7zf7pCXb31cb
muA9Gktumvk7ZHIAgdlsZDsb0iiKo1AkkqXNTI0vC2fSGsBTWKi9ppSA0gnAmP/q
2kFPQjAMu6+4gk1w9gw7zKlqhM73UAtY8p2aDNzu6gGDziuvsY9pX3Ha08QHd1Ew
x76X9x5ypCWid9zd/JtQsY0bxFQLLHYKKdOGO+uQL76SuIVR/LREcO1JA/NmNECG
QyNd/GPZFBvHtaXU1rCxv1QicR1QGc3pzKP4rQHrD+JyKR/jVO6H7ZBkSI7tZQTI
TVoFGXu6w5osOHlkdHWKavVfNhzYIQPFB0+p3ZA0A+E9Sc1EEa8=
=ZZ3j
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 940-1] sane-backends security update
Next by Date: [SECURITY] [DLA 942-1] jbig2dec security update
Previous by thread: [SECURITY] [DLA 940-1] sane-backends security update
Next by thread: [SECURITY] [DLA 942-1] jbig2dec security update
Index(es):
- Date
- Thread