ELA-268-1 squirrelmail security update

unsafe serialisation vulnerabilities

Related CVEs CVE-2020-14932 CVE-2020-14933

Two unsafe serialisation vulnerabilities were discovered in the PHP-based squirrelmail webmail client.

Unsafe data was accepted to the mailto.php script which opened an email compose screen with the passed email address.

For Debian 8 Jessie, these problems have been fixed in version 2:1.4.23~svn20120406-2+deb8u5.

We recommend that you upgrade your squirrelmail packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.