Thijs Kinkhorst wrote:
However, the squirrelmail 1.4.20~rc2-1 is not free of bugs. I just found one related to search function:On Mon, January 25, 2010 21:05, Florian Weimer wrote:* Adrian Minta:Hi, Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627 ?According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>, it's still vulnerable.Indeed. Backporting the fix for this is not trivial since it's an architectural change. We are aware of the issue, but have not yet found enough time to backport the changes to stable and oldstable. Thijs
http://tinyurl.com/y86t957