Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=6b6a73fa350c50200d1a6c66ad7ba7eb95a26bf2
commit 6b6a73fa350c50200d1a6c66ad7ba7eb95a26bf2 Author: Miklos Vajna <vmik...@frugalware.org> Date: Sat Jun 6 13:33:07 2009 +0200 FSA608-squirrelmail diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index cf56560..bb4bc5b 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,18 @@ <fsas> <fsa> + <id>608</id> + <date>2009-06-06</date> + <author>Miklos Vajna</author> + <package>squirrelmail</package> + <vulnerable>1.4.17-2anacreon1</vulnerable> + <unaffected>1.4.17-3anacreon1</unaffected> + <bts>http://bugs.frugalware.org/task/3779</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381</cve> + <desc>The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.</desc> + </fsa> + <fsa> <id>607</id> <date>2009-05-30</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git