Bug 185010 - mail-client/squirrelmail G/PGP plugin code injection (CVE-2005-1924, CVE-2006-1469)
Bug#: 185010 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: hanno@gentoo.org
Component: Vulnerabilities
Status Whiteboard: B2 [glsa] p-y
Opened: 2007-07-11 22:59 0000
Description:
CVE-2005-1924
CVE-2006-4169
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=330
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331

------- Comment #1 From Jeremy Huddleston (RETIRED) 2007-07-12 20:41:16 0000 -------
I will wait two days for an updated plugin version from upstream.  If they have
not addressed the issue, I'll create a patch based on the workarounds provided
in the reports.

------- Comment #2 From Jeremy Huddleston (RETIRED) 2007-07-16 01:40:21 0000 -------
Revbumps for 1.4.10a and 1.5.1 are in portage.

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-07-16 19:33:02 0000 -------
Arches please test and mark stable. Target keywords are:

"alpha amd64 ppc ppc64 sparc x86"

------- Comment #4 From Markus Rothe 2007-07-16 19:47:35 0000 -------
mail-client/squirrelmail-1.4.10a-r2 stable on ppc64

------- Comment #5 From Steve Dibb 2007-07-17 01:34:36 0000 -------
amd64 stable

------- Comment #6 From Raúl Porcel 2007-07-17 12:48:34 0000 -------
alpha/x86 stable

amd64: please stabilize the unmasked version (1.4)

------- Comment #7 From Gustavo Zacarias (RETIRED) 2007-07-17 13:19:15 0000 -------
sparc stable yesterday, didn't I remove us from CC@ back then? (deja vu).

------- Comment #8 From Marcus D. Hanwell 2007-07-17 21:20:57 0000 -------
Stable on amd64.

------- Comment #9 From Tobias Scherbaum 2007-07-20 17:42:36 0000 -------
ppc stable

------- Comment #10 From Raphael Marichez 2007-08-11 22:05:21 0000 -------
It's GLSA 200708-08, thanks everybody and sorry for the delay.