SquirrelMail package compromise

Published: 2007-12-14
Last Updated: 2007-12-14 11:28:49 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

The SquirrelMail project has posted a notice on their website stating they have found an unofficial modification in the packages for version 1.4.12. They believe this change to have been made through a release maintainer's compromised account.

They are still investigating the changes, which appear to result in an error and do not seem to lead to system compromise. However, they have restored the original, verified packages to Sourceforge. Users having implemented version 1.4.12 of Squirrelmail after December 8th are strongly advised to redownload and reinstall the package.

Thanks to Peter for bringing this to our attention.

Keywords:
0 comment(s)

Comments


Diary Archives