SquirrelMail 1.4.13 released - older versions compromised
SquirrelMail 1.4.13 released - older versions compromised
[Security] Posted Dec 15, 2007 15:28 UTC (Sat) by corbet
It would appear that the SquirrelMail 1.4.11 and 1.4.12 packages hosted on the project's web site were tampered with after their creation. The project thinks that the changes made cannot be used for an exploit, but it is clear that anybody who downloaded and installed those versions should get that code off their systems in a hurry. To that end, there is a 1.4.13 release out there - check the MD5 sums before installation! There's a bit more information on squirrelmail.org.