[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 737-1] roundcube security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : roundcube
Version        : 0.7.2-9+deb7u5
Debian Bug     : 847287

It was discovered that there was a vulnerability where a remote user could
execute arbitrary commands in Roundcube, a webmail solution for IMAP
servers, by sending a specially crafted email.

This was due to lack of sanitisation of the arguments to PHP's "mail"
function.

For Debian 7 "Wheezy", this issue has been fixed in roundcube version
0.7.2-9+deb7u5.

We recommend that you upgrade your roundcube packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhJrckACgkQHpU+J9Qx
Hlgkeg/7BR8+OXVKZhJwepA6HKVtZ7csUeQ+tRKXM7m9MmMJiMXbS8LCpAs7d2QG
np+qWomusv24j/y3ndRsN3qTOPfu/7j9Xd133vrK/RSsbBF2wIuH+6pPhP5Af9Mk
obmhNUpnn0US4tH8tNgesgBi3WLyzKtsswbVTicBTYQAL32yTGsmYQ0WHHlE5XcK
achr4djIzV9C2uxazg7jXsOpp6V7y02rRtdoPcBtLudzDdSjyfgUyR7k/7ELm82Q
oFWKZvfd3p/IgqBLBaBabVxDhUfgFvbo2pJhg18D+nbSkMHjut8sUC9KsPtAY03Q
CGHH29C+5Rm+cT1joPxthFksL6GvjP37EWBKGpF0WZ3109A8I/+cnO3uadA3SgSE
pTqZuuOJVk+RKBsJmJTvJBoMFoZDRFw7386s1WwgxRs3cIg0SgfknAsl/b4GTT/z
WS32EqgBPdTYplyDn/GfCwwEuY7j8SD866JCU7qIwG9s2qm/cEaA8k75HkVaRH85
E4yh7ot6Hq7nhPQzE+ncoqUJXRdNi+DqdDmuMeVl1HXCx9jj/soyF3hxgFBDY1dc
xfbTsvAX40S3rXu57j0Z6v3TT5bsMy56zCer8NeqF/6H3KzxXHREJE8q28in2hRq
9CzjKiuEWm4TnEromud4+B0NP5+bZIKAN2BvNhpwGFTD8lRvlWo=
=tczY
-----END PGP SIGNATURE-----
Reply to: