Hi Emmanuel,

* Emmanuel Halbwachs <Emmanuel.Halbwachs@obspm.fr> [2007-12-17 17:57]:
> We run squirrelmail as our production webmail for ~ 1k users.
>
> Now we can see that the squirrelmail team has discovered that 1.4.11
> has also been compromised.

Yes that is true.

> A colleague on another list points out the fact that they have removed
> from the download archive all versions from 1.4.9 to 1.4.12.
>
> If there is suspicion on 1.4.9, I guess we can suspect the version
> currently in etch.
>
> Can somebody (maybe Thijs Kinkhorst who is a Debian Developer and
> apparently member of the squirrelmail team) enlighten us on this subject,
> please?

Have a look at:
http://security-tracker.debian.net/tracker/CVE-2007-6348
No version in Debian is affected by this.

HTH
Nico
-- 
Nico Golde - http://www.ngolde.de - firstname.lastname@example.org - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.