Re: Accepted squirrelmail 2:1.4.23~svn20120406-2+deb7u2 (source all) into oldoldstable

Wed, 11 Apr 2018 13:13:47 -0700 

Did you forget to issue a DLA for this one? I see the package is not
claimed in dla-needed.txt either...

a.

On 2018-04-11 18:23:46, Thijs Kinkhorst wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Wed, 11 Apr 2018 13:24:23 +0200
> Source: squirrelmail
> Binary: squirrelmail
> Architecture: source all
> Version: 2:1.4.23~svn20120406-2+deb7u2
> Distribution: wheezy-security
> Urgency: high
> Maintainer: Jeroen van Wolffelaar <jer...@wolffelaar.nl>
> Changed-By: Thijs Kinkhorst <th...@debian.org>
> Description: 
>  squirrelmail - Webmail for nuts
> Closes: 893202
> Changes: 
>  squirrelmail (2:1.4.23~svn20120406-2+deb7u2) wheezy-security; urgency=high
>  .
>    * Path traversal vulnerability (CVE-2018-8741)
>      Directory traversal flaw in Deliver.class.php can allow a remote
>      attacker to retrieve or delete arbitrary files. (Closes: #893202)
> Checksums-Sha1: 
>  f922ec47972a3a6281374af9f2f2c007ac1b815b 1673 
> squirrelmail_1.4.23~svn20120406-2+deb7u2.dsc
>  2b406c312e8650c092c6fdb3aaa770da3fe44e7b 40065 
> squirrelmail_1.4.23~svn20120406-2+deb7u2.debian.tar.gz
>  4255b987b44dd1088fd1a0d444d928aaae2415be 644190 
> squirrelmail_1.4.23~svn20120406-2+deb7u2_all.deb
> Checksums-Sha256: 
>  8400ba54f905e8e6d58682362a4948865b68436d2c6e362d0709981ccf4752a6 1673 
> squirrelmail_1.4.23~svn20120406-2+deb7u2.dsc
>  8d6983edbbc566654e74d541c7d99e028ea9abab18babada166c0e2a026e18f8 40065 
> squirrelmail_1.4.23~svn20120406-2+deb7u2.debian.tar.gz
>  c68ade218517d455b2d6a5df9521de39fe646268eda09749fedcab93547326f4 644190 
> squirrelmail_1.4.23~svn20120406-2+deb7u2_all.deb
> Files: 
>  e1154fe67bb006221eab16ae82ac201b 1673 web optional 
> squirrelmail_1.4.23~svn20120406-2+deb7u2.dsc
>  d39330150cebf157e28e24a6bb6ea4ab 40065 web optional 
> squirrelmail_1.4.23~svn20120406-2+deb7u2.debian.tar.gz
>  7000baeefe4ac237ff1d7772eade3295 644190 web optional 
> squirrelmail_1.4.23~svn20120406-2+deb7u2_all.deb
>
> -----BEGIN PGP SIGNATURE-----
>
> iQEuBAEBCAAYBQJazfEAERx0aGlqc0BkZWJpYW4ub3JnAAoJEFb2GnlAHawE5r8I
> AIG3VU7P6/hhy4V/RFfAM1XABOjdJiU2M+oUni81iYtN8fGcbo1csFdunfPIC5s7
> dxa8Er1KHskLxovIuEQAe1GT+C4ubHwq7K9pcnanOuw73Ob3FFrwrh77ARTT2SZx
> oTPAwgknJrVFJLad/TVqEecuBIMmKgA5x3PBjobQYnzdll73nu1I3j1fhC6CyQCY
> vz52/SicwucAhwJMrfuBFfwNm65CdtrQ0EKZuwwx8ptV/KHMDmrULOBH9qdQfQE4
> j4LDYiDYU5CcXs3EMiC933okzhRi09K2uy7TpZKaKvsrgXUX6bJXiWlY5UBA2eix
> IFzxH89V6UkTlkihLoWIwng=
> =lfnt
> -----END PGP SIGNATURE-----

-- 
You can't conquer a free man; the most you can do is kill him.
                       -  Robert A. Heinlein

Reply via email to