Squirrelmail archive compromission and version 1.4.9a-2 (in etch)
We run squirrelmail as our production webmail for ~ 1k users.
Now we can see that the squirrelmail team has discovered that 1.4.11
have also been compromised.
A colleague on another list points out the fact that they have removed
from the download archive all versions from 1.4.9 to 1.4.12.
If there is suspicion on 1.4.9, I guess we can suspect the version
currently in etch.
Can somebody (maybe Thijs Kinkhorst who is a Debian Developper and
apparently member of the squirrelmail team) enlight us on this subject,
Resp. Réseau/Sécurité Observatoire de Paris-Meudon
tel : (+33)1 45 07 75 54 5 Place Jules Janssen
fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX