According to this message:

There is a command execution vulnerability in Squirrelmail GPG Plugin. The vulnerability has been tested on the latest versions of Squirrelmail, 1.4.10a, and GPG Plugin, 2.0.

Detailed analysis and command execution PoC available.

So I decided to update the GPG-plugin… so I will not be vulnerable any more