ELA-268-1 squirrelmail security update

unsafe serialisation vulnerabilities

2020-08-28
Package: squirrelmail
Version: 2:1.4.23~svn20120406-2+deb8u5
Related CVEs: CVE-2020-14932, CVE-2020-14933


Two unsafe serialisation vulnerabilities were discovered in the PHP-based squirrelmail webmail client.

The mailto.php script, which opens an email compose screen for the email address passed to it, accepted unsafe data.



For Debian 8 Jessie, these problems have been fixed in version 2:1.4.23~svn20120406-2+deb8u5.

We recommend that you upgrade your squirrelmail packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.