Description of problem: squirrelmail ships with several .orig files resulting from offsets when applying the patches: $ rpm -qlp squirrelmail-1.4.8-3.fc6.noarch.rpm | grep .orig /usr/share/squirrelmail/functions/i18n.php.orig /usr/share/squirrelmail/functions/mime.php.orig /usr/share/squirrelmail/src/compose.php.orig /usr/share/squirrelmail/src/right_main.php.orig /usr/share/squirrelmail/src/view_text.php.orig This doesn't cause any problems, it just looks bad. The attached patch got rid of them here. Version-Release number of selected component (if applicable): 1.4.8-3.fc6
Created attachment 146078 [details] Patch to get rid of the files
> This doesn't cause any problems, it just looks bad. Just as I hit commit, I realized that these files can be used to exploit the vulnerabilities the patches are meant to address.
Are you sure they can be?
I haven't tried exploiting it, but the files are accessible and do create the expected output. Try accessing e.g. /webmail/src/right_main.php.orig.