Squirrelmail Update for Debian
Posted on: 01/02/2003 10:13 PM

A new squirrelmail security update for Debian GNU/Linux has been released

A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack.

For the current stable distribution (woody) this problem has been fixed in version 1.2.6-1.3. The old stable distribution (potato) is not affected since it doesn't contain a squirrelmail package.

An updated package for the current unstable distribution (sid) is expected soon.


Read more


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/squirrelmail_update_for_debian.html)