Bug 26842

Summary: squirrelmail possible new security issues due to use of unserialize
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: lewyssmith, ouaurelien
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: squirrelmail-1.4.23-0.svn20191227_0200.2.mga8.src.rpm CVE:
Status comment:
Bug Depends on: 27821    
Bug Blocks:    

Description David Walser 2020-06-21 15:00:21 CEST
Possible security issues in Squirrelmail have been reported:
https://www.openwall.com/lists/oss-security/2020/06/20/1

Hopefully they'll be fixed at some point.
Comment 1 Lewis Smith 2020-06-26 21:37:19 CEST
Suggest assigning to mokraemer when something happens, and this bug gets updated. Leaving with bugsquad until then.

CC: (none) => lewyssmith

Aurelien Oudelet 2020-09-02 17:48:53 CEST

CC: (none) => ouaurelien

David Walser 2020-12-15 00:38:52 CET

Depends on: (none) => 27821

Comment 2 David Walser 2020-12-21 05:07:26 CET
Fixed in squirrelmail-1.4.23-0.svn20201220_0200.1.mga7 and squirrelmail-1.4.23-0.svn20201220_0200.1.mga8 as part of Bug 27821 by Marc.

Version: Cauldron => 7

Comment 3 David Walser 2021-01-08 18:36:01 CET
Fixed in:
https://advisories.mageia.org/MGASA-2021-0010.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED