Subject: Squirrelmail archive compromission and version 1.4.9a-2 (in etch)
Group: Debian-security
From: Emmanuel Halbwachs
Date: 17 Dec 2007


 
Hello everybody,

We run squirrelmail as our production webmail for ~ 1k users.

Now we can see that the squirrelmail team has discovered that 1.4.11
has also been compromised.

A colleague on another list points out the fact that they have removed
from the download archive all versions from 1.4.9 to 1.4.12.

If there is suspicion on 1.4.9, I guess we can suspect the version
currently in etch.

Can somebody (maybe Thijs Kinkhorst who is a Debian Developer and
apparently member of the squirrelmail team) enlighten us on this subject,
please?

TIA,


--
Emmanuel Halbwachs
Resp. Réseau/Sécurité Observatoire de Paris-Meudon
tel : (+33)1 45 07 75 54 5 Place Jules Janssen
fax : (+33)1 45 07 76 13 F 92195 MEUDON CEDEX

