CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution

[Hanno Böck <hanno () hboeck de>]

From squirrelmail.org:
The SquirrelMail Team is pleased to announce the release of SquirrelMail 
version 1.4.18. The most notable changes for this version are several 
security fixes, including a couple XSS exploits, a session fixation issue, 
and an obscure but dangerous server-side code execution hole.

-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de
http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher
http://tinyurl.com/dceu73 - Internetzensur stoppen!

http://schokokeks.org - professional webhosting

Attachment: signature.asc
Description: This is a digitally signed message part.