'[SM-ANNOUNCE] ANNOUNCE: SquirrelMail 1.4.13 Released'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-announce
Subject:    [SM-ANNOUNCE] ANNOUNCE: SquirrelMail 1.4.13 Released
From:       Jon Angliss <jon () squirrelmail ! org>
Date:       2007-12-14 18:59:08
Message-ID: 1977494415.20071214125908 () netdork ! net
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.

Package MD5s
============
1a1bdad6245aaabcdd23d9402acb388e  squirrelmail-1.4.13.tar.bz2
51ddd67a7ff9272f5a6e1da0b9dfbf18  squirrelmail-1.4.13.tar.gz
ed8871a693cc57d5a0d511f7b89f8781  squirrelmail-1.4.13.zip

We apologies for the inconvenience this may have caused.

- --
Happy SquirrelMailing!
The SquirrelMail Development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHYtKBK4PoFPj9H3MRAjiUAKDxM5V8J6vLEUAn7dfiIa1HYwKIWQCfYTbA
3nk8LOfqcBHfZ3IvEOXoOCo=
=USb7
-----END PGP SIGNATURE-----



-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
--
squirrelmail-announce mailing list
List Address: squirrelmail-announce@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-announce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic