[Bug 396306] Re: [CVE-2009-1381] Incomplete fix for CVE-2009-1579
Launchpad Bug Tracker
396306 at bugs.launchpad.net
Tue Jul 7 20:04:12 UTC 2009
This bug was fixed in the package squirrelmail - 2:1.4.15-3ubuntu0.3
---------------
squirrelmail (2:1.4.15-3ubuntu0.3) intrepid-security; urgency=low
* SECURITY UPDATE: (LP: #396306)
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://squirrelmail.org/security/issue/2009-05-10
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
-- Andreas Wenning <awen at awen.dk> Tue, 07 Jul 2009 02:48:17 +0200
** Changed in: squirrelmail (Ubuntu Jaunty)
Status: Fix Committed => Fix Released
--
[CVE-2009-1381] Incomplete fix for CVE-2009-1579
https://bugs.launchpad.net/bugs/396306
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list