A vulnerability has been found and corrected in squirrelmail:

functions/imap_general.php in SquirrelMail before 1.4.21 does not
properly handle 8-bit characters in passwords, which allows remote
attackers to cause a denial of service (disk consumption) by making
many IMAP login attempts with different usernames, leading to the
creation of many preferences files (CVE-2010-2813).

This update provides squirrelmail 1.4.21, which is not vulnerable to
this issue.