Comment 8 for bug 396306

This bug was fixed in the package squirrelmail - 2:1.4.15-4ubuntu0.2

---------------
squirrelmail (2:1.4.15-4ubuntu0.2) jaunty-security; urgency=low

  * SECURITY UPDATE: (LP: #396306)
  * Server-side code injection in map_yp_alias username map. An issue was
    fixed that allowed arbitrary server-side code execution when SquirrelMail
    was configured to use the example "map_yp_alias" username mapping
    functionality.
    - Fixes incomplete fix for CVE-2009-1579
    - http://squirrelmail.org/security/issue/2009-05-10
    - CVE-2009-1381
    - Patch taken from upstream svn rev. 13733. Applied inline.

 -- Andreas Wenning <email address hidden> Tue, 07 Jul 2009 02:39:55 +0200