Squirrelmail Update for Debian
Posted on: 01/02/2003 11:13 PM
A new squirrelmail security update for Debian GNU/Linux has been released
A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack.Read more
For the current stable distribution (woody) this problem has been fixed in version 1.2.6-1.3. The old stable distribution (potato) is not affected since it doesn't contain a squirrelmail package.
An updated package for the current unstable distribution (sid) is expected soon.