[SECURITY] [DLA 737-1] roundcube security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : roundcube
Version : 0.7.2-9+deb7u5
Debian Bug : 847287
It was discovered that there was a vulnerability where a remote user could
execute arbitrary commands in Roundcube, a webmail solution for IMAP
servers, by sending a specially crafted email.
This was due to lack of sanitisation of the arguments to PHP's "mail"
function.
For Debian 7 "Wheezy", this issue has been fixed in roundcube version
0.7.2-9+deb7u5.
We recommend that you upgrade your roundcube packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhJrckACgkQHpU+J9Qx
Hlgkeg/7BR8+OXVKZhJwepA6HKVtZ7csUeQ+tRKXM7m9MmMJiMXbS8LCpAs7d2QG
np+qWomusv24j/y3ndRsN3qTOPfu/7j9Xd133vrK/RSsbBF2wIuH+6pPhP5Af9Mk
obmhNUpnn0US4tH8tNgesgBi3WLyzKtsswbVTicBTYQAL32yTGsmYQ0WHHlE5XcK
achr4djIzV9C2uxazg7jXsOpp6V7y02rRtdoPcBtLudzDdSjyfgUyR7k/7ELm82Q
oFWKZvfd3p/IgqBLBaBabVxDhUfgFvbo2pJhg18D+nbSkMHjut8sUC9KsPtAY03Q
CGHH29C+5Rm+cT1joPxthFksL6GvjP37EWBKGpF0WZ3109A8I/+cnO3uadA3SgSE
pTqZuuOJVk+RKBsJmJTvJBoMFoZDRFw7386s1WwgxRs3cIg0SgfknAsl/b4GTT/z
WS32EqgBPdTYplyDn/GfCwwEuY7j8SD866JCU7qIwG9s2qm/cEaA8k75HkVaRH85
E4yh7ot6Hq7nhPQzE+ncoqUJXRdNi+DqdDmuMeVl1HXCx9jj/soyF3hxgFBDY1dc
xfbTsvAX40S3rXu57j0Z6v3TT5bsMy56zCer8NeqF/6H3KzxXHREJE8q28in2hRq
9CzjKiuEWm4TnEromud4+B0NP5+bZIKAN2BvNhpwGFTD8lRvlWo=
=tczY
-----END PGP SIGNATURE-----
Reply to: