Results 1 to 6 of 6

Thread: SquirrelMail new CVE issues

  1. #1
    Join Date
    May 2008
    Posts
    812

    SquirrelMail new CVE issues

    The current version of SquirrelMail provided by DA is vulnerable by multiple issues:

    CVE-2018-14950, CVE-2018-14951, CVE-2018-14952, CVE-2018-14953, CVE-2018-14954, CVE-2018-14955

    They are all patched via:

    https://sourceforge.net/p/squirrelmail/code/14804

    and

    https://sourceforge.net/p/squirrelmail/code/14806

    Please pull the latest stable version of SquirrelMail via:

    https://sourceforge.net/p/squirrelma...SM-1_4-STABLE/

  2. #2
    Join Date
    Sep 2015
    Location
    Arnhem, NL
    Posts
    427
    The latest stable release is almost 8 years ago... Isn't it time to retire SquirrelMail and replace it with something more modern like RainLoop?

  3. #3
    Join Date
    Apr 2009
    Posts
    2,243
    @Erulezz, But do we need RainLoop? I am very happy with Roundcube, and looking at the demo for RainLoop, I like Roundcube better.

  4. #4
    Join Date
    May 2008
    Posts
    812
    Quote Originally Posted by Erulezz View Post
    The latest stable release is almost 8 years ago... Isn't it time to retire SquirrelMail and replace it with something more modern like RainLoop?
    The current stable version is patched frequently. Did you check the SourceForge link from my post? The last update is from 2019-02-27.

  5. #5
    Join Date
    May 2008
    Posts
    812
    It is still not patched in DA. I recommend that everybody who uses SquirrelMail should patch manually.

  6. #6
    Join Date
    May 2008
    Posts
    812
    It is now updated in Custombuild.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •