[SECURITY] [DLA 1344-1] squirrelmail security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : squirrelmail
Version : 2:1.4.23~svn20120406-2+deb7u2
CVE ID : CVE-2018-8741
Debian Bug : 893202
Florian Grunow and Birk Kauer of ERNW discovered a path traversal
vulnerability in SquirrelMail, a webmail application, allowing an
authenticated remote attacker to retrieve or delete arbitrary files
via mail attachment.
For Debian 7 "Wheezy", these problems have been fixed in version
2:1.4.23~svn20120406-2+deb7u2.
We recommend that you upgrade your squirrelmail packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQEuBAEBCAAYBQJa1GE+ERx0aGlqc0BkZWJpYW4ub3JnAAoJEFb2GnlAHawEzF0H
/R/IJ/cjFvln0uARSOwGxheouRFgbsReQsuvZYMQEvUTZc1EtSYSLx/iVSjgGmqn
TTHVcNHhozykyli/Rt6iswTd9jSC12Dg9BoA2fa/IpSWKy4Atz0HHIsFx2wXIzjl
e+GJUYFUr/hw3mOekBK1a6o1nj7NNe6/PKBXWhp1+bmoEgBRwaDjY+FMB33i63OJ
ySM+hhjzjXcg8THR/sm/3nbxiXPXxPr9xu5lgeXrCFxFB6r++bnp8PvPtDnf/deF
c83wauQdlp0+CAOK3m53e4BENrQ1ORDJqOaE/75cW07faZCz0gWSZcV9leXDQ4yD
PPnO832+OoN8E2jLiYGoDDY=
=DfRJ
-----END PGP SIGNATURE-----
Reply to: