[SECURITY] [DLA 1344-1] squirrelmail security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 1344-1] squirrelmail security update
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 16 Apr 2018 10:39:28 +0200
Message-id: <[🔎] d430bf4f-dd90-26de-432b-d372fc2c71d7@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : squirrelmail
Version        : 2:1.4.23~svn20120406-2+deb7u2
CVE ID         : CVE-2018-8741
Debian Bug     : 893202

Florian Grunow and Birk Kauer of ERNW discovered a path traversal
vulnerability in SquirrelMail, a webmail application, allowing an
authenticated remote attacker to retrieve or delete arbitrary files
via mail attachment.

For Debian 7 "Wheezy", these problems have been fixed in version
2:1.4.23~svn20120406-2+deb7u2.

We recommend that you upgrade your squirrelmail packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQEuBAEBCAAYBQJa1GE+ERx0aGlqc0BkZWJpYW4ub3JnAAoJEFb2GnlAHawEzF0H
/R/IJ/cjFvln0uARSOwGxheouRFgbsReQsuvZYMQEvUTZc1EtSYSLx/iVSjgGmqn
TTHVcNHhozykyli/Rt6iswTd9jSC12Dg9BoA2fa/IpSWKy4Atz0HHIsFx2wXIzjl
e+GJUYFUr/hw3mOekBK1a6o1nj7NNe6/PKBXWhp1+bmoEgBRwaDjY+FMB33i63OJ
ySM+hhjzjXcg8THR/sm/3nbxiXPXxPr9xu5lgeXrCFxFB6r++bnp8PvPtDnf/deF
c83wauQdlp0+CAOK3m53e4BENrQ1ORDJqOaE/75cW07faZCz0gWSZcV9leXDQ4yD
PPnO832+OoN8E2jLiYGoDDY=
=DfRJ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1347-1] tiff3 security update
Next by Date: [SECURITY] [DLA 1348-1] patch security update
Previous by thread: [SECURITY] [DLA 1347-1] tiff3 security update
Next by thread: [SECURITY] [DLA 1348-1] patch security update
Index(es):
- Date
- Thread