
Bug 185010

Summary: mail-client/squirrelmail G/PGP plugin code injection (CVE-2005-1924, CVE-2006-1469)
Product: Gentoo Security
Reporter: Hanno Böck <hanno>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal
CC: eradicator
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa] p-y
Package list:
Runtime testing required: ---

Comment 1 Jeremy Huddleston (RETIRED) gentoo-dev 2007-07-12 20:41:16 UTC
I will wait two days for an updated plugin version from upstream.  If they have not addressed the issue, I'll create a patch based on the workarounds provided in the reports.
Comment 2 Jeremy Huddleston (RETIRED) gentoo-dev 2007-07-16 01:40:21 UTC
Revbumps for 1.4.10a and 1.5.1 are in portage.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-16 19:33:02 UTC
Arches please test and mark stable. Target keywords are:

"alpha amd64 ppc ppc64 sparc x86"
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2007-07-16 19:47:35 UTC
mail-client/squirrelmail-1.4.10a-r2 stable on ppc64
Comment 5 Steve Dibb (RETIRED) gentoo-dev 2007-07-17 01:34:36 UTC
amd64 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-07-17 12:48:34 UTC
alpha/x86 stable

amd64: please stabilize the unmasked version (1.4)
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-17 13:19:15 UTC
sparc stable yesterday, didn't I remove us from CC@ back then? (deja vu).
Comment 8 Marcus D. Hanwell (RETIRED) gentoo-dev 2007-07-17 21:20:57 UTC
Stable on amd64.
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-07-20 17:42:36 UTC
ppc stable
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-08-11 22:05:21 UTC
it's GLSA 200708-08, thanks everybody and sorry for the delay.