"At the end of last week the SquirrelMail development team
placed a public announcement on their website, alerting readers
that the primary download repository for SquirrelMail had been
compromised, and at least two versions of the popular webmail
application had been affected.
"While the modification was minor, a simple change to a PHP
global variable, it led to the case where the compromised versions
of SquirrelMail would allow arbitrary remote code execution..."