ELA-268-1 squirrelmail security update

unsafe serialisation vulnerabilities

2020-08-28
Packagesquirrelmail
Version2:1.4.23~svn20120406-2+deb8u5
Related CVEs CVE-2020-14932 CVE-2020-14933

Two unsafe serialisation vulnerabilities were discovered in the PHP-based squirrelmail webmail client.

Unsafe data was accepted to the mailto.php script which opened an email compose screen with the passed email address.

For Debian 8 Jessie, these problems have been fixed in version 2:1.4.23~svn20120406-2+deb8u5.

We recommend that you upgrade your squirrelmail packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/