There are two unserialize security vulnerabilities of SquirrelMail from June. It looks like they are not yet patched officially. Please monitor the ./src/compose.php here:
An eventual patch which converts the unsecure code to use JSON is available here:
squirrelpatches/patches/squirrelmail-security-mailto-avoid-unserialize.diff at main · hannob/squirrelpatches (github.com)
P.S. Please also note that the current installation of SquirrelMail from DA is NOT patched against CVE-2019-12970. You need to apply this patch to your installations to fix it:
SquirrelMail / Code / Commit [r14829] (sourceforge.net)
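The kind of change the post describes, replacing unserialize() on request data with JSON, sketched as an added example. It is not SquirrelMail's code and not the linked patch; the function names and field names are assumed for illustration.

```php
<?php
// Added illustration only. Field names are assumed, not taken from SquirrelMail.
const MAILTO_FIELDS = ['to', 'cc', 'bcc', 'subject', 'body'];

// Risky pattern: unserialize() on request data can instantiate any loaded
// class and run its magic methods (__wakeup, __destruct) during decoding.
// On PHP 7.0+ an interim mitigation is the second argument
// ['allowed_classes' => false], which blocks object creation.
function decode_mailto_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened pattern: with assoc=true, json_decode() yields only scalars,
// arrays and null, so no object is built from client-supplied bytes.
function decode_mailto_json(string $raw): array
{
    $data = json_decode($raw, true, 4);   // associative arrays, depth limit 4
    if (!is_array($data)) {
        return [];                         // not JSON, or not an object/array
    }
    $clean = [];
    foreach (MAILTO_FIELDS as $field) {
        // Keep only expected keys, and only when the value is a string.
        if (isset($data[$field]) && is_string($data[$field])) {
            $clean[$field] = $data[$field];
        }
    }
    return $clean;
}

// Constructed sample inputs.
$good = json_encode([
    'to'      => 'user@example.org',
    'subject' => 'Hello',
    'extra'   => 'unexpected key, dropped by the allow-list',
]);
$serialized = 'O:8:"stdClass":0:{}';       // PHP serialize() format, not JSON

var_dump(decode_mailto_json($good));        // only 'to' and 'subject' survive
var_dump(decode_mailto_json($serialized));  // rejected: decodes to an empty array
```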