Accepted squirrelmail 2:1.4.23~svn20120406-2+deb8u2 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Apr 2018 15:24:43 +0200
Source: squirrelmail
Binary: squirrelmail
Architecture: all source
Version: 2:1.4.23~svn20120406-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 893202
Description:
squirrelmail - Webmail for nuts
Changes:
squirrelmail (2:1.4.23~svn20120406-2+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Path traversal vulnerability (CVE-2018-8741)
Directory traversal flaw in Deliver.class.php can allow a remote
attacker to retrieve or delete arbitrary files. (Closes: #893202)
Checksums-Sha1:
979c050944cec020109ca236f7b1cba48749c492 2186 squirrelmail_1.4.23~svn20120406-2+deb8u2.dsc
48c5a43d231b33d8e6e4c6d3655c126fd90dd7ae 35032 squirrelmail_1.4.23~svn20120406-2+deb8u2.debian.tar.xz
96f163637b5a94b78d3477c6d07b5daa7472fc31 499632 squirrelmail_1.4.23~svn20120406-2+deb8u2_all.deb
Checksums-Sha256:
0d7fb031fea6ef72de78aeb5cf3841f37767a40b1c706d57b5bc23e9eaf4bf5c 2186 squirrelmail_1.4.23~svn20120406-2+deb8u2.dsc
aec6f8157e10bc0a490dd12c48b76791c8fc027141086c01895b629358219e18 35032 squirrelmail_1.4.23~svn20120406-2+deb8u2.debian.tar.xz
b5f652a746391b0368dfe7e75bdc12c5c6eaaaa77a9e6bd12406e5ef276032bc 499632 squirrelmail_1.4.23~svn20120406-2+deb8u2_all.deb
Files:
80640afa1147ccf9cd9fa41222e4d4e6 2186 web optional squirrelmail_1.4.23~svn20120406-2+deb8u2.dsc
97ffd7598b81a2ff78fd50e45ada8a1b 35032 web optional squirrelmail_1.4.23~svn20120406-2+deb8u2.debian.tar.xz
f7523f175880000052e5ebd9da26061c 499632 web optional squirrelmail_1.4.23~svn20120406-2+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrIyHlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaJ8P/2LczzJHLQ7kfcVTgGPazLfrqIf15eKK
brJfjrT/k8BPeSh9xF0enqPy05fqCFXzrTDpO8U4zvvrPixdVclW2W5HcUZFx0q9
J2/2RJHmwUPwTjUFCXaNrci0bXlvTb2hgwJVxz3apiYLpEEEWtJSEFBFudyKYtM5
kdScgiHbvLjLh5QWHlL6T/Y3/0xwqOjDnlIukdA+Ht8EJwURF7P4Qh7dMNQ16RwW
r4FWrXzobI6NHZeo7yvgGte1GYw8DegpAixlRwQxRpP/PdyA30247O4FYIjMIH0o
NiqSaelNLc41xtpTGfkFLlYi0cPVoFVyP4uG4Vv3AmiJ4R5vcNvaF9eAw9M/TL+S
WJn3NGnt/ieNqCy+T7p0HHJKBIxbHqwgmJeG0kpPsUQ1yXgyMEUj46xfnTkQ5jBA
z2u+6i5/O3pDGmExJoeuLPe0F+ez5WgA9figfONh9Av4ytAakerq2ZX3gWtoasgT
UU+7U4SmF1Tpe6t7p/OkUGDiUX9p+C4W4efr2F/wdMrXyxLL5f2oWTl1qlTzfdbn
MhPA9pcIxrUUh8Ahy53tHx6kxwQ74ai3Z30Fo0Kvblfw1+mNoTg6XBLCIXYGQzyH
3SeqHv/Goxl2u+jwfF4nBMu9K0UuanGy6fImWG/fkEnfSpaoVwCvVFrnQHHlepEK
lLmDIhFn4mHi
=2lkj
-----END PGP SIGNATURE-----