SynopsisThe remote Debian host is missing a security-related update.
DescriptionIt was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages.
SolutionUpgrade the squirrelmail package.
For the oldstable distribution (sarge) this problem has been fixed in version 2:1.4.4-11.
For the stable distribution (etch) this problem has been fixed in version 2:1.4.9a-2.