<<< Date Index >>>     <<< Thread Index >>>

ANNOUNCE: SquirrelMail 1.4.13 Released



All,

Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.

Package MD5s
============
1a1bdad6245aaabcdd23d9402acb388e  squirrelmail-1.4.13.tar.bz2
51ddd67a7ff9272f5a6e1da0b9dfbf18  squirrelmail-1.4.13.tar.gz
ed8871a693cc57d5a0d511f7b89f8781  squirrelmail-1.4.13.zip

We apologies for the inconvenience this may have caused.

-- 
Happy SquirrelMailing!
The SquirrelMail Development Team

Attachment: pgphs1PaEcPCi.pgp
Description: PGP signature