Package: squirrelmail Version: 2:1.4.9a-2 Severity: grave Tags: security Justification: user security hole
Squirrelmail does not set the secure flag for its session cookie when accessed over https. See http://int21.de/cve/CVE-2008-3663-squirrelmail.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
