According to the Squirrelmail website some of the packages available for download on their site
had been modified by an outside intruder. If you are running 1.4.11 or 1.4.12 you are urged to upgrade
immediately. From their site
"Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. "
News Link: http://www.squirrelmail.org/
