[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Squirrelmail archive compromission and version 1.4.9a-2 (in etch)

Hello everybody,

We run squirrelmail as our production webmail for ~ 1k users.

Now we can see that the squirrelmail team has discovered that 1.4.11
have also been compromised.

A colleague on another list points out the fact that they have removed
from the download archive all versions from 1.4.9 to 1.4.12.

If there is suspicion on 1.4.9, I guess we can suspect the version
currently in etch.

Can somebody (maybe Thijs Kinkhorst who is a Debian Developper and
apparently member of the squirrelmail team) enlight us on this subject,


Emmanuel Halbwachs
Resp. Réseau/Sécurité                    Observatoire de Paris-Meudon
tel      : (+33)1 45 07 75 54                   5 Place Jules Janssen
fax      : (+33)1 45 07 76 13                    F 92195 MEUDON CEDEX

Reply to: