Bug 425291 (CVE-2007-6348)
Summary: | CVE-2007-6348 Squirrelmail compromise | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | mbacovsk, redhat-bugzilla |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-12-14 21:46:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 425301, 425311, 425321 | ||
Bug Blocks: |
Description
Josh Bressers
2007-12-14 19:21:07 UTC
This flaw does not affect any version of Squirrelmail shipped in Red Hat Enterprise Linux. It also does not affect Fedora or EPEL. I would suggest to mark this bug report as duplicate of bug #424791 (or other way round, even if mine was before yours). Squirrelmail packages as shipped with Fedora 7, Fedora 8 and Fedora development are all based on clean and uncompromised tarball, therefore they are not vulnerable to this issue. An update to 1.4.13 might be issued to avoid confusion and ensure users that their installation is not backdoored. *** Bug 424791 has been marked as a duplicate of this bug. *** |