Thijs Kinkhorst
2007-May-11 12:58 UTC
[Secure-testing-team] Updated packages for SquirrelMail
Dear security team, I''ve prepared updates for etch and sarge for squirrelmail, to address CVE-2007-1262. The updated packages are here: http://www.a-eskwadraat.nl/~kink/debian/ Please let me know whether I can upload them. I''ve built the etch version with orig.tar.gz and the sarge version without. I hope that is ok. In the security tracker two further CVE''s are both open for squirrelmail: CVE-2006-3174, CVE-2006-3665. They both require register_globals to be on, that''s why we didn''t put effort into fixing those I guess. Does anything have to happen to these issues, or can they be marked as "done"? thanks, Thijs -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070511/39f5e70a/attachment.pgp