All, Due to the package compromise of 1.4.11, and 1.4.12, we are forced to release 1.4.13 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server. We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade immediately. Package MD5s ============ 1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2 51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip We apologies for the inconvenience this may have caused. -- Happy SquirrelMailing! The SquirrelMail Development Team
Attachment:
pgphs1PaEcPCi.pgp
Description: PGP signature