[SM-ANNOUNCE] ANNOUNCE: SquirrelMail 1.4.13 Released

C

CoolZero

Verified User
Joined
Jul 6, 2006
Messages
83
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.

We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.

Package MD5s
============
1a1bdad6245aaabcdd23d9402acb388e squirrelmail-1.4.13.tar.bz2
51ddd67a7ff9272f5a6e1da0b9dfbf18 squirrelmail-1.4.13.tar.gz
ed8871a693cc57d5a0d511f7b89f8781 squirrelmail-1.4.13.zip

We apologies for the inconvenience this may have caused.

- --
Happy SquirrelMailing!
The SquirrelMail Development Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHYtKBK4PoFPj9H3MRAjiUAKDxM5V8J6vLEUAn7dfiIa1HYwKIWQCfYTbA
3nk8LOfqcBHfZ3IvEOXoOCo=
=USb7
-----END PGP SIGNATURE-----
 
I am getting this:

cp: `/var/www/html/squirrelmail/data' and `/var/www/html/squirrelmail-1.4.13/data' are the same file
 
/usr/local/directadmin/scripts/squirremail.sh

Or:
Code: 
cd /usr/local/directadmin/custombuild
./build update
./build squirrelmail
 
smtalk said:
/usr/local/directadmin/scripts/squirremail.sh

Or:
Code: 
cd /usr/local/directadmin/custombuild
./build update
./build squirrelmail
Click to expand...

cheers smtalk as always you've been brilliant for helping me out.

i had to run the first link you gave me the last ./build squirrelmail didnt work
 
You're welcome. It didn't work because you don't have custombuild installed then :)
 
You must log in or register to reply here.
Back
Top