185010 2007-07-11 22:59 0000 mail-client/squirrelmail G/PGP plugin code injection (CVE-2005-1924, CVE-2006-1469) 2007-08-11 22:06:03 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B2 [glsa] p-y P2 normal --- 1 hanno@gentoo.org security@gentoo.org eradicator@gentoo.org hanno@gentoo.org 2007-07-11 22:59:41 0000 CVE-2005-1924 CVE-2006-4169 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331 eradicator@gentoo.org 2007-07-12 20:41:16 0000 I will wait two days for an updated plugin version from upstream. If they have not addressed the issue, I'll create a patch based on the workarounds provided in the reports. eradicator@gentoo.org 2007-07-16 01:40:21 0000 Revbumps for 1.4.10a and 1.5.1 are in portage. jaervosz@gentoo.org 2007-07-16 19:33:02 0000 Arches please test and mark stable. Target keywords are: "alpha amd64 ppc ppc64 sparc x86" corsair@gentoo.org 2007-07-16 19:47:35 0000 mail-client/squirrelmail-1.4.10a-r2 stable on ppc64 beandog@gentoo.org 2007-07-17 01:34:36 0000 amd64 stable armin76@gentoo.org 2007-07-17 12:48:34 0000 alpha/x86 stable amd64: please stabilize the unmasked version(1.4) gustavoz@gentoo.org 2007-07-17 13:19:15 0000 sparc stable yesterday, didn't i remove us from CC@ back then? (deja vu). cryos@gentoo.org 2007-07-17 21:20:57 0000 Stable on amd64. dertobi123@gentoo.org 2007-07-20 17:42:36 0000 ppc stable falco@gentoo.org 2007-08-11 22:05:21 0000 it's GLSA 200708-08, thanks everybody and sorry for the delay.