Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 185010 - mail-client/squirrelmail G/PGP plugin code injection (CVE-2005-1924, CVE-2006-1469)
Summary: mail-client/squirrelmail G/PGP plugin code injection (CVE-2005-1924, CVE-2006...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa] p-y
Depends on:
Reported: 2007-07-11 22:59 UTC by Hanno Böck
Modified: 2007-08-11 22:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Jeremy Huddleston (RETIRED) gentoo-dev 2007-07-12 20:41:16 UTC
I will wait two days for an updated plugin version from upstream.  If they have not addressed the issue, I'll create a patch based on the workarounds provided in the reports.
Comment 2 Jeremy Huddleston (RETIRED) gentoo-dev 2007-07-16 01:40:21 UTC
Revbumps for 1.4.10a and 1.5.1 are in portage.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-16 19:33:02 UTC
Arches please test and mark stable. Target keywords are:

"alpha amd64 ppc ppc64 sparc x86"
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2007-07-16 19:47:35 UTC
mail-client/squirrelmail-1.4.10a-r2 stable on ppc64
Comment 5 Steve Dibb (RETIRED) gentoo-dev 2007-07-17 01:34:36 UTC
amd64 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-07-17 12:48:34 UTC
alpha/x86 stable

amd64: please stabilize the unmasked version(1.4)
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2007-07-17 13:19:15 UTC
sparc stable yesterday, didn't i remove us from CC@ back then? (deja vu).
Comment 8 Marcus D. Hanwell (RETIRED) gentoo-dev 2007-07-17 21:20:57 UTC
Stable on amd64.
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-07-20 17:42:36 UTC
ppc stable
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-08-11 22:05:21 UTC
it's GLSA 200708-08, thanks everybody and sorry for the delay.