Re: squirrelmail SA34627

To: Thijs Kinkhorst <thijs@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: squirrelmail SA34627
From: Adrian Minta <adrian.minta@gmail.com>
Date: Tue, 26 Jan 2010 18:18:43 +0200
Message-id: <[🔎] 4B5F15E3.70809@gmail.com>
In-reply-to: <[🔎] d7b99e1cb5b1a75b3d7f2369e0af08af.squirrel@wm.kinkhorst.nl>
References: <[🔎] 4B5DD0B6.7070000@gmail.com> <[🔎] 87tyuac5mq.fsf@mid.deneb.enyo.de> <[🔎] d7b99e1cb5b1a75b3d7f2369e0af08af.squirrel@wm.kinkhorst.nl>

Thijs Kinkhorst wrote:

On Mon, January 25, 2010 21:05, Florian Weimer wrote:

* Adrian Minta:

Hi,
Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627  ?

According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>,
it's still vulnerable.


Indeed. Backporting the fix for this is not trivial since it's an
architectural change. We are aware of the issue, but have not yet found
enough time to backport the changes to stable and oldstable.


Thijs

However, the squirrelmail 1.4.20~rc2-1 is not free of bugs. I justfound one related to search function:

http://tinyurl.com/y86t957

Reply to:

References:
- squirrelmail SA34627
  - From: Adrian Minta <adrian.minta@gmail.com>
- Re: squirrelmail SA34627
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: squirrelmail SA34627
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Re: squirrelmail SA34627
Next by Date: SSP & Lenny
Previous by thread: Re: squirrelmail SA34627
Next by thread: SSP & Lenny
Index(es):
- Date
- Thread