fix insufficient escaping of user-supplied data (CVE-2017-7692)
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2017-a7161eb173
Please login to add feedback.
This update has been submitted for testing by mhlavink.
does this include the patch from 1.4.23 release 20170424_0200-SVN.stable? according to (Dawid Golunski)
https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
the first patch released did not solve the issue
and
This update has been pushed to testing.
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes
yes, it includes this patch https://sourceforge.net/p/squirrelmail/code/14649/ from 2017-04-24
This update has been submitted for stable by mhlavink.
This update has been pushed to stable.