compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. Reference: https://www.openwall.com/lists/oss-security/2020/06/20/1
Created squirrelmail tracking bugs for this issue: Affects: epel-all [bug 1850186] Affects: fedora-all [bug 1850185]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14933