SquirrelMail CVE-2020-14932 & CVE-2020-14933 (and the old unpatched in DA CVE-2019-12970)

wattie

Verified User
Joined
May 31, 2008
Messages
1,206
Location
Bulgaria
There are two unserialize security vulnerabilities of SquirrelMail from June. It looks like they are not yet patched officially. Please monitor the ./src/compose.php here:


An eventual patch which converts the unsecure code to use JSON is available here:


P.S. Please also note that the current installation of SquirrelMail from DA is NOT patched against CVE-2019-12970. You need to apply this patch to your installations to fix it:

 
Last edited:
You are the only person I know who uses Squirrelmail. I stopped using it like 17 years ago.:cool:
 
Back
Top