Re: squirrelmail SA34627

To: Thijs Kinkhorst <thijs@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: squirrelmail SA34627
From: Adrian M <adrian.minta@gmail.com>
Date: Tue, 26 Jan 2010 13:05:38 +0200
Message-id: <[🔎] 14e72ec91001260305s662cba69n969861a0c4a4a478@mail.gmail.com>
In-reply-to: <[🔎] d7b99e1cb5b1a75b3d7f2369e0af08af.squirrel@wm.kinkhorst.nl>
References: <[🔎] 4B5DD0B6.7070000@gmail.com> <[🔎] 87tyuac5mq.fsf@mid.deneb.enyo.de> <[🔎] d7b99e1cb5b1a75b3d7f2369e0af08af.squirrel@wm.kinkhorst.nl>

On Tue, Jan 26, 2010 at 10:24 AM, Thijs Kinkhorst <thijs@debian.org> wrote:
> On Mon, January 25, 2010 21:05, Florian Weimer wrote:
>> * Adrian Minta:
>>
>>> Hi,
>>> Does squirrelmail 1.4.15-4+lenny2 has fixes for SA34627  ?
>>
>> According to <http://security-tracker.debian.org/tracker/CVE-2009-2964>,
>> it's still vulnerable.
>
> Indeed. Backporting the fix for this is not trivial since it's an
> architectural change. We are aware of the issue, but have not yet found
> enough time to backport the changes to stable and oldstable.
>
>
> Thijs
>

It appears that squirrelmail testing packages works on lenny without
some nasty dependencies. Perhaps the recommended action is to install
them instead of the ones found on lenny.

Reply to:

References:
- squirrelmail SA34627
  - From: Adrian Minta <adrian.minta@gmail.com>
- Re: squirrelmail SA34627
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: squirrelmail SA34627
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Re: squirrelmail SA34627
Next by Date: Re: squirrelmail SA34627
Previous by thread: Re: squirrelmail SA34627
Next by thread: Re: squirrelmail SA34627
Index(es):
- Date
- Thread