-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Tomas Kuliavas schrieb: |>|>Regarding the amount of attendance, we are asking ourselves, how much |>|>security-updates have been released during the last year. Is there any |>|>list, where one could find out? |>| |>| |>| Not really. We are talking about being more intentional about that, but |>| if you want to be the safest, use a snapshot of the CVS code from the |>| STABLE branch (currently 1.4.4) and you'll be up to date. |>| |> |>I didn't want a list, showing pending vulnarabilites in SM (dont't |>guess there are too much). Just wanted to know, how often we need to |>update SM to have a secure version. |>But due to the fact, that SuSE (the distribution we use) is offering |>SM as an RPM, we'll be save enough to use their rpm, which is |>maintained by YOU, | | | http://www.securityfocus.com/bid/vendor/ | There are search options for SquirrelMail. |
This really was a huge help mate. I just wanted to be able to measure the amount of maintenance work.
| If you use SLES, you should ask suse representatives about support options. | | If you use free version of SUSE Linux, SUSE has six months update cycle. | But they still provide security patches for older versions. Some suse | representative can say more. In case of squirrelmail suse 8.1-9.1 versions | should include patches for vulnerabilities fixed in 1.4.3a release. I | don't see fixes for latest xss fix. |
SuSE indeed *does* release Security Updates (we're quite firm in using SuSE Linux ;-) ). They do *not* release Version-Updates, they just do patches. Reagarding Security Focus, I conclude, that we are able to maintain SM in our normal maintenance circle, and only skip this one, if there is a critical vulnerability.
Greetinx,
Benni -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBsEWoyqQqpcmyLisRAvnzAJ0eCnbUJLGko/BhEp48LmzgT77wQwCeLjVJ 1p63QFMBROGi+bYv4q41aG4= =ON8l -----END PGP SIGNATURE-----
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
--
squirrelmail-users mailing list
Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: [EMAIL PROTECTED]
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
