Bug 26842 - squirrelmail possible new security issues due to use of unserialize
Summary: squirrelmail possible new security issues due to use of unserialize
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 27821
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-21 15:00 CEST by David Walser
Modified: 2021-01-08 18:36 CET (History)
2 users (show)

See Also:
Source RPM: squirrelmail-1.4.23-0.svn20191227_0200.2.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-06-21 15:00:21 CEST 
Possible security issues in Squirrelmail have been reported:
https://www.openwall.com/lists/oss-security/2020/06/20/1

Hopefully they'll be fixed at some point.
Comment 1 Lewis Smith 2020-06-26 21:37:19 CEST 
Suggest assigning to mokraemer when something happens, and this bug gets updated. Leaving with bugsquqd until then.

CC: (none) => lewyssmith

Aurelien Oudelet 2020-09-02 17:48:53 CEST

CC: (none) => ouaurelien

David Walser 2020-12-15 00:38:52 CET

Depends on: (none) => 27821

Comment 2 David Walser 2020-12-21 05:07:26 CET 
Fixed in squirrelmail-1.4.23-0.svn20201220_0200.1.mga7 and squirrelmail-1.4.23-0.svn20201220_0200.1.mga8 as part of Bug 27821 by Marc.

Version: Cauldron => 7

Comment 3 David Walser 2021-01-08 18:36:01 CET 
Fixed in:
https://advisories.mageia.org/MGASA-2021-0010.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.