ANNOUNCE: SquirrelMail 1.4.13 Released
------------BDE81A7DDA87CB
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
All,
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
Package MD5s
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2
51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz
ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip
We apologies for the inconvenience this may have caused.
--=20
Happy SquirrelMailing!
The SquirrelMail Development Team
------------BDE81A7DDA87CB
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHYrvlK4PoFPj9H3MRAhwwAJ4y66m/hf/7mxiNJy0zVLpgKiG9lQCg+aUm
86RdS1Uap+6A4IT+ifc2jLc=
=MQra
-----END PGP MESSAGE-----
------------BDE81A7DDA87CB--