* SECURITY UPDATE: (LP: #396306)
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://squirrelmail.org/security/issue/2009-05-10
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
This bug was fixed in the package squirrelmail - 2:1.4.13-2ubuntu1.4
--------------- 13-2ubuntu1. 4) hardy-security; urgency=low
squirrelmail (2:1.4.
* SECURITY UPDATE: (LP: #396306) squirrelmail. org/security/ issue/2009- 05-10
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
-- Andreas Wenning <email address hidden> Tue, 07 Jul 2009 02:50:06 +0200