* SECURITY UPDATE: (LP: #396306)
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://squirrelmail.org/security/issue/2009-05-10
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
This bug was fixed in the package squirrelmail - 2:1.4.15-3ubuntu0.3
--------------- 15-3ubuntu0. 3) intrepid-security; urgency=low
squirrelmail (2:1.4.
* SECURITY UPDATE: (LP: #396306) squirrelmail. org/security/ issue/2009- 05-10
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
-- Andreas Wenning <email address hidden> Tue, 07 Jul 2009 02:48:17 +0200