The SquirrelMail team announced on Dec 14, 2007 that there was a package compromise of versions 1.4.11 and 1.4.12. Hackers gained access to the package repository and made modifications to the release packages. If you are running one of these versions you should upgrade to 1.4.13 immediately. More info on the SquirrelMail website: http://www.squirrelmail.org/
We are running SquirrelMail 1.4.6-3 on a RH9 server and none of our yum's have a later version. How can we update the SquirrelMail to 1.4.13 or are we better off not trying?
Only versions 1.4.11 and 1.4.12 have the security so you can stick with 1.4.6 if you want to. Upgrading SquirrelMail is not a big deal. I just upgraded my 1.4.11 by simply downloading version 1.4.13 from the SquirrelMail website and overwriting the old files with the new ones.
huh? overwriting which old file with new ones? Interesting and a bit disconcerning that RPMFind's latest version for any system is 1.4.10a-17.4 , which makes me wonder if there are not oodles of configuration or usability problems with the latest versions.
