[Bug 396306] Re: [CVE-2009-1381] Incomplete fix for CVE-2009-1579
Launchpad Bug Tracker
396306 at bugs.launchpad.net
Tue Jul 7 20:03:53 UTC 2009
This bug was fixed in the package squirrelmail - 2:1.4.13-2ubuntu1.4
---------------
squirrelmail (2:1.4.13-2ubuntu1.4) hardy-security; urgency=low
* SECURITY UPDATE: (LP: #396306)
* Server-side code injection in map_yp_alias username map. An issue was
fixed that allowed arbitrary server-side code execution when SquirrelMail
was configured to use the example "map_yp_alias" username mapping
functionality.
- Fixes incomplete fix for CVE-2009-1579
- http://squirrelmail.org/security/issue/2009-05-10
- CVE-2009-1381
- Patch taken from upstream svn rev. 13733. Applied inline.
-- Andreas Wenning <awen at awen.dk> Tue, 07 Jul 2009 02:50:06 +0200
** Changed in: squirrelmail (Ubuntu Hardy)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1579
** Changed in: squirrelmail (Ubuntu Intrepid)
Status: Fix Committed => Fix Released
--
[CVE-2009-1381] Incomplete fix for CVE-2009-1579
https://bugs.launchpad.net/bugs/396306
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list