SquirrelMail 1.4.13 security release
After a more thorough investigation, the developers of the SquirrelMail web mail system have categorized the manipulations to the installation archives of versions 1.4.12 and 1.4.11 that were recently made public as far more dangerous than initially believed. It turns out that attackers could use the modifications to include arbitrary script code and have it executed by the server.
The initial analysis wrongly concluded that the changes would not be critical. The SquirrelMail developers released version 1.4.13 to prevent any further confusions over original and manipulated installation archives circulating on the internet. They advise all SquirrelMail admins running versions 1.4.12 or 1.4.11 to upgrade to the new version as soon as possible.