On Thu, 2006-06-15 at 16:12 +0200, Thijs Kinkhorst wrote:
Thanks. I'm downgrading it to important - I expect a new upstream at
the end of this month that will resolve the bug. I'll check whether or
not to make an upload to Debian for the time in between.
I expect a new upstream version within
Package: squirrelmail
Version: 2:1.4.4-8
There is a local file include vulnerability in redirect.php (information
disclosure).
For more information see: http://www.securityfocus.com/bid/18231
Example URI: http://www.example.com/[squirrelmail
severity 373731 serious
tags 373731 security confirmed upstream
thanks
On Thu, Jun 15, 2006 at 02:42:01PM +0200, Oliver Paulus wrote:
There is a local file include vulnerability in redirect.php (information
disclosure).
For more information see: http://www.securityfocus.com/bid/18231
Hello all,
up until the first nul byte. I see that the plugins[] array is actually
never reset in the squirrelmail source or configuration, allowing for
this kind of thing.
Right, I agree that the bug exists; it has been discussed on the
upstream [EMAIL PROTECTED] list but I apparently
Thijs Kinkhorst wrote:
As you might know:
- the Debian 'squirrelmail' Apache configuration ships with rg disabled;
- the Debian 'php4' configuration ships with rg disabled;
- it is well known and well documented that enabling register_globals is
a security risk.
Therefore, someone who
severity 373731 important
thanks
On Thu, 2006-06-15 at 14:49 +0200, Moritz Muehlenhoff wrote:
I don't think this warrants a security update for stable.
Thanks. I'm downgrading it to important - I expect a new upstream at the
end of this month that will resolve the bug. I'll check whether or not