FreeBSD Ports: squirrelmail

The remote host is missing an update to the system as announced in the referenced advisory.

The following package is affected: squirrelmail CVE-2006-0377 CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka 'IMAP injection.' CVE-2006-0195 Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) '/*' and '*/' comments, or (2) a newline in a 'url' specifier, which is processed by certain web browsers including Internet Explorer. CVE-2006-0188 webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Update your system with the appropriate patches or software upgrades.