Re: squirrelmail SA34627
On Tue, Jan 26, 2010 at 10:24 AM, Thijs Kinkhorst <thijs@debian.org> wrote:
> On Mon, January 25, 2010 21:05, Florian Weimer wrote:
>> * Adrian Minta:
>>
>>> Hi,
>>> Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627 ?
>>
>> According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>,
>> it's still vulnerable.
>
> Indeed. Backporting the fix for this is not trivial since it's an
> architectural change. We are aware of the issue, but have not yet found
> enough time to backport the changes to stable and oldstable.
>
>
> Thijs
>
It appears that squirrelmail testing packages works on lenny without
some nasty dependencies. Perhaps the recommended action is to install
them instead of the ones found on lenny.
Reply to: