[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited
Bug #316550 reported by
otzenpunk
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
roundcube (Debian) |
Fix Released
|
Unknown
|
|||
roundcube (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Hardy |
Fix Released
|
High
|
Unassigned | ||
Intrepid |
Fix Released
|
High
|
Unassigned |
Bug Description
Binary package hint: roundcube
Roundcube 0.1 - as shipped in the universe section of every Ubuntu version before Jaunty - is vulnerable to a denial of service attack. This is currently exploited widely. See
http://
http://
http://
http://
http://
Changed in roundcube: | |
status: | New → In Progress |
status: | New → In Progress |
Changed in roundcube: | |
importance: | Undecided → High |
status: | In Progress → Confirmed |
importance: | Undecided → High |
status: | In Progress → Confirmed |
Changed in roundcube: | |
assignee: | nobody → andrewsomething |
assignee: | nobody → andrewsomething |
Changed in roundcube: | |
assignee: | andrewsomething → nobody |
status: | Confirmed → In Progress |
assignee: | andrewsomething → nobody |
status: | Confirmed → In Progress |
Changed in roundcube (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu /wiki.ubuntu. com/SecurityUpd ateProcedures
better. Since the package referred to in this bug is in universe or multiverse,
it is community maintained. If you are able, I suggest posting a debdiff for
this issue. When a debdiff is available, members of the security team will
review it and publish the package. See the following link for more information:
https:/