---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Debian update for squirrelmail SECUNIA ADVISORY ID: SA25236 VERIFY ADVISORY: http://secunia.com/advisories/25236/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.1 http://secunia.com/product/5307/ Debian GNU/Linux 4.0 http://secunia.com/product/13844/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. For more information: SA25200 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-11.dsc Size/MD5 checksum: 680 6c295daf080ac9c28a5a1dba6638e84d http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-11.diff.gz Size/MD5 checksum: 29878 fe8738a69d997ce9604691c09e50a818 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz Size/MD5 checksum: 575871 f50548b6f4f24d28afb5e6048977f4da Architecture independent components: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-11_all.deb Size/MD5 checksum: 575624 bb59799e0eb2029d00466c8a845ed5c8 -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-2.dsc Size/MD5 checksum: 721 c828ed91c9f92b5c2288a388d90b9a58 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-2.diff.gz Size/MD5 checksum: 23315 51ca1a79090618fe7846d77f7cbb6087 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a.orig.tar.gz Size/MD5 checksum: 598950 5b19f8cc5badef91d1f2410df41564bc Architecture independent components: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-2_all.deb Size/MD5 checksum: 592732 1659d85aef3a052ffff42715068f9760 -- Debian GNU/Linux unstable alias sid -- The vulnerabilities will reportedly be fixed in version 1.4.10a-1. ORIGINAL ADVISORY: http://www.us.debian.org/security/2007/dsa-1290 OTHER REFERENCES: SA25200: http://secunia.com/advisories/25200/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------