Security 10816 Published by

A new squirrelmail security update for Debian GNU/Linux has been released



A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack.

For the current stable distribution (woody) this problem has been fixed in version 1.2.6-1.3. The old stable distribution (potato) is not affected since it doesn't contain a squirrelmail package.

An updated package for the current unstable distribution (sid) is expected soon.
Read more