ELA-268-1 squirrelmail security update
Package: squirrelmail
Version: 2:1.4.23~svn20120406-2+deb8u5
Related CVEs: CVE-2020-14932, CVE-2020-14933
Two unsafe serialisation vulnerabilities were discovered in the PHP-based squirrelmail webmail client.
The mailto.php script, which opened an email compose screen with the passed email address, accepted unsafe data.
For Debian 8 Jessie, these problems have been fixed in version 2:1.4.23~svn20120406-2+deb8u5.
We recommend that you upgrade your squirrelmail packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A squirrelmail security update has been released for Debian GNU/Linux 8 Extended LTS to address two unsafe serialization vulnerabilities.