[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squirrelmail SA34627

Thijs Kinkhorst wrote:
On Mon, January 25, 2010 21:05, Florian Weimer wrote:
* Adrian Minta:

Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627  ?
According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>,
it's still vulnerable.

Indeed. Backporting the fix for this is not trivial since it's an
architectural change. We are aware of the issue, but have not yet found
enough time to backport the changes to stable and oldstable.


However, the squirrelmail 1.4.20~rc2-1 is not free of bugs. I just found one related to search function:

Reply to: