[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1f55Ls-0005q3-Q9@seger.debian.org>
Date: Sun, 08 Apr 2018 08:07:04 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4168-1] squirrelmail security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4168-1 security@...ian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : squirrelmail
CVE ID : CVE-2018-8741
Debian Bug : 893202
Florian Grunow und Birk Kauer of ERNW discovered a path traversal
vulnerability in SquirrelMail, a webmail application, allowing an
authenticated remote attacker to retrieve or delete arbitrary files
via mail attachment.
For the oldstable distribution (jessie), this problem has been fixed
in version 2:1.4.23~svn20120406-2+deb8u2.
We recommend that you upgrade your squirrelmail packages.
For the detailed security status of squirrelmail please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/squirrelmail
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrJyshfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0ROLQ/+ILcsLCgwuYN0h2hldhFLOFbleNYkFzuqlg3ZDEfdE0YrmwimHYntN6oe
GFc6PKMXap74rBOEcZY98oPvj3HIHQAur5+PTi09dfNyXC/ninmro7jPUE+23R7+
dMNEsI/w4wFzx9LjFHyfi6BWvxlZ9+IpGbZzaEVwM0AnGB0YTuDqzISlbRqXp+Ed
9xT09JTBpALzjqIt11gnJBh14hBz7egoVFXsklSVOx/sa/FwDKH7m/ksmJdFtBNB
TaVqeLZxxLKVK04Zu8eb9O0LhdddMNR4x51/yN6xNihDoKAGBAI6NsJsxtaUuNj/
b3KrFAXm+m6NOwrEh3EM0xWmc1QMsDpxSyS8CHvTSsOQRKoKa7jOViOtygBauY4p
ByZnRj6+hgTp2qBFJ1f4v5sm+ZHfHfoD3GFLHvyPWze6ioUg0IY02Qwk+WYwkJW8
Oiau0C2419WINbgmtQNRd6ZZ7lNXsOMwScVI7xUybhBUhgaoylFa0RifcckgBObE
mDsOE6ltaytGFAX0ooNAJBbCYW9irQCpvCoB+krKb6S5z5Dg2/W6syizm6scQdyI
MW1RgTxrJB5FYagI06aBcmYl4fSFMGJG0qJL3vhPE9Y9oiV+NmST8uo6TaUMsHLE
6DEUbCI4+zG5/kFw0vQW7u27An/p+2410rD+9L+4GJfDoqBbkLc=
=zgnB
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists