Re: [qmailtoaster] squirrelmail packages compromised!

2007-12-19 Thread Erik A. Espinoza
I will have the update released tonight.

EE

On Dec 19, 2007 8:18 AM, slamp slamp <[EMAIL PROTECTED]> wrote:
> They mentioned that both 1.4.11 and 1.4.12 were compromised. There
> should be a changelog file in the squirrelmail directory that tells
> you what version you are running.
>
>
> On Dec 18, 2007 1:26 PM, Jim Shupert, Jr. <[EMAIL PROTECTED]> wrote:
> > Might you tell me how I can determine what version of qmt and/or
> > squirrelmail we might be running?
> >
> > And what is the problem - just with squirrelmail?
> >
> > Thanks
> >
> > j
> >
> > - Original Message -
> > From: <[EMAIL PROTECTED]>
> > To: 
> > Sent: Tuesday, December 18, 2007 12:45 PM
> > Subject: Re: [qmailtoaster] squirrelmail packages compromised!
> >
> >
> > I'm using qmt-iso 1.3.1 for my install. What is the best way of updating?
> >
> > > Due to the package compromise of 1.4.11, and 1.4.12, we are forced
> > > to release 1.4.13 to ensure no confusions. While initial review didn't
> > > uncover a need for concern, several proof of concepts show that the
> > > package alterations introduce a high risk security issue, allowing
> > > remote inclusion of files. These changes would allow a remote user the
> > > ability to execute exploit code on a victim machine, without any user
> > > interaction on the victim's server. This could grant the attacker the
> > > ability to deploy further code on the victim's server.
> > >
> > > We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.
> > >
> > > -
> > > QmailToaster hosted by: VR Hosted <http://www.vr.org>
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]



Re: [qmailtoaster] squirrelmail packages compromised!

2007-12-19 Thread slamp slamp
They mentioned that both 1.4.11 and 1.4.12 were compromised. There
should be a changelog file in the squirrelmail directory that tells
you what version you are running.

On Dec 18, 2007 1:26 PM, Jim Shupert, Jr. <[EMAIL PROTECTED]> wrote:
> Might you tell me how I can determine what version of qmt and/or
> squirrelmail we might be running?
>
> And what is the problem - just with squirrelmail?
>
> Thanks
>
> j
>
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: 
> Sent: Tuesday, December 18, 2007 12:45 PM
> Subject: Re: [qmailtoaster] squirrelmail packages compromised!
>
>
> I'm using qmt-iso 1.3.1 for my install. What is the best way of updating?
>
> > Due to the package compromise of 1.4.11, and 1.4.12, we are forced
> > to release 1.4.13 to ensure no confusions. While initial review didn't
> > uncover a need for concern, several proof of concepts show that the
> > package alterations introduce a high risk security issue, allowing
> > remote inclusion of files. These changes would allow a remote user the
> > ability to execute exploit code on a victim machine, without any user
> > interaction on the victim's server. This could grant the attacker the
> > ability to deploy further code on the victim's server.
> >
> > We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.

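One way to script the ChangeLog check suggested in the message above, as an added example that is not part of any post in this thread. It assumes release headings of the form `Version 1.4.12 - <date>` with the newest release listed first; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: release headings in the ChangeLog look like
# "Version 1.4.12 - <date>" and the newest release is listed first.

# Print the newest version recorded in ChangeLog file $1 (empty if none found).
sm_changelog_version() {
    [ -r "$1" ] || return 2
    sed -n 's/^[[:space:]]*Version[[:space:]]\{1,\}\([0-9][0-9.]*[0-9]\).*/\1/p' "$1" |
        head -n 1
}

# Classify the install: exit 1 for the two releases named in the announcement,
# 0 for any other version, 2 when no version could be determined.
sm_check() {
    ver=$(sm_changelog_version "$1") || { echo "unreadable"; return 2; }
    case "$ver" in
        "")            echo "unknown"; return 2 ;;
        1.4.11|1.4.12) echo "affected $ver"; return 1 ;;
        *)             echo "not-listed $ver"; return 0 ;;
    esac
}

# Constructed sample ChangeLog (not real file contents); $1 is the newest release.
sm_sample() {
    cat <<EOF
*** SquirrelMail Stable Series 1.4 ***

Version $1 - (constructed date)
-------------------------------
  - constructed entry

Version 1.4.10 - (constructed date)
-----------------------------------
  - constructed entry
EOF
}

# Demo on the constructed sample; on a real host pass the ChangeLog path instead.
tmp=$(mktemp)
sm_sample 1.4.12 > "$tmp"
sm_check "$tmp" || true      # prints: affected 1.4.12
rm -f "$tmp"
```

A `not-listed` result only means the ChangeLog names a different release; the announcement's upgrade advice covers every install of 1.4.11 or 1.4.12.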


Re: [qmailtoaster] squirrelmail packages compromised!

2007-12-18 Thread Jim Shupert, Jr.
Might you tell me how I can determine what version of qmt and/or
squirrelmail we might be running?

And what is the problem - just with squirrelmail?

Thanks

j
- Original Message - 
From: <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, December 18, 2007 12:45 PM
Subject: Re: [qmailtoaster] squirrelmail packages compromised!


I'm using qmt-iso 1.3.1 for my install. What is the best way of updating?


Due to the package compromise of 1.4.11, and 1.4.12, we are forced
to release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.




Re: [qmailtoaster] squirrelmail packages compromised!

2007-12-18 Thread [EMAIL PROTECTED]
I'm using qmt-iso 1.3.1 for my install. What is the best way of updating?

> Due to the package compromise of 1.4.11, and 1.4.12, we are forced
> to release 1.4.13 to ensure no confusions. While initial review didn't
> uncover a need for concern, several proof of concepts show that the
> package alterations introduce a high risk security issue, allowing
> remote inclusion of files. These changes would allow a remote user the
> ability to execute exploit code on a victim machine, without any user
> interaction on the victim's server. This could grant the attacker the
> ability to deploy further code on the victim's server.
>
> We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.



[qmailtoaster] squirrelmail packages compromised!

2007-12-14 Thread slamp slamp
ANNOUNCE: SquirrelMail 1.4.13 Released

Dec 14, 2007 by Jonathan Angliss
Due to the package compromise of 1.4.11, and 1.4.12, we are forced
to release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We STRONGLY advise all users of 1.4.11, and 1.4.12 upgrade immediately.
