diff -u squirrelmail-1.4.15/debian/changelog squirrelmail-1.4.15/debian/changelog
--- squirrelmail-1.4.15/debian/changelog
+++ squirrelmail-1.4.15/debian/changelog
@@ -1,3 +1,17 @@
+squirrelmail (2:1.4.15-3ubuntu0.3) intrepid-security; urgency=low
+
+  * SECURITY UPDATE: (LP: #396306)
+  * Server-side code injection in map_yp_alias username map. An issue was
+    fixed that allowed arbitrary server-side code execution when SquirrelMail
+    was configured to use the example "map_yp_alias" username mapping
+    functionality.
+    - Fixes incomplete fix for CVE-2009-1579
+    - http://squirrelmail.org/security/issue/2009-05-10
+    - CVE-2009-1381
+    - Patch taken from upstream svn rev. 13733. Applied inline.
+
+ -- Andreas Wenning  Tue, 07 Jul 2009 02:48:17 +0200
+
 squirrelmail (2:1.4.15-3ubuntu0.2) intrepid-security; urgency=low
 
   * SECURITY UPDATE: (LP: #375513)
diff -u squirrelmail-1.4.15/functions/imap_general.php squirrelmail-1.4.15/functions/imap_general.php
--- squirrelmail-1.4.15/functions/imap_general.php
+++ squirrelmail-1.4.15/functions/imap_general.php
@@ -973,7 +973,8 @@
  * LDAP whatever way to find the users IMAP server.
  */
 function map_yp_alias($username) {
-    $yp = `ypmatch ' . escapeshellarg($username) . ' aliases`;
+    $safe_username = escapeshellarg($username);
+    $yp = `ypmatch $safe_username aliases`;
     return chop(substr($yp, strlen($username)+1));
 }
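Review bot: The two new lines in map_yp_alias carry no comment explaining why the escaping must happen outside the backtick string, which is exactly the mistake the removed line made: inside backticks PHP interpolates `$username` raw, so the previous `escapeshellarg(...)` call was shell text rather than a PHP call and the username reached the shell unescaped (the incomplete CVE-2009-1579 fix that became CVE-2009-1381). I would add above the `$safe_username` assignment: `// Escape BEFORE building the command: the backtick operator interpolates variables, so an escapeshellarg() call written inside the backticks is not executed and leaves $username unescaped (CVE-2009-1381).` so the regression is not reintroduced by a later tidy-up. Separately, the unchanged `substr($yp, strlen($username)+1)` appears to assume ypmatch echoes the key followed by one separator byte, and when the command is unavailable or finds no alias `$yp` is empty and the function silently returns an empty string; whether callers treat that as "no mapping" is not visible here and is worth confirming. The enclosing function is fully contained in this hunk.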