Please sync roundcube from Debian sid version 0.9.4-1.1 or greater
Bug #1256293 reported by David King
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
roundcube (Ubuntu) | Fix Released | Undecided | Unassigned | |
Saucy | Won't Fix | Undecided | Unassigned | |
Trusty | Fix Released | Undecided | Unassigned | |
Bug Description
Ubuntu 13.10
roundcube 0.9.2-2
Versions below 0.9.3 are affected by CVE 2013-5645, and below version 0.9.5 are affected by CVE 2013-6172 (patched in 0.9.4-1.1).
information type: Public → Public Security
Following https://wiki.ubuntu.com/SyncRequestProcess#Content_of_a_sync_request
Changelog entries since 0.9.2-2:
roundcube (0.9.4-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Add CVE-2013-6172.patch patch.
    CVE-2013-6172: An attacker can overwrite configuration settings using
    user preferences. This can result in random file access and manipulated
    SQL queries. (Closes: #727668)

 -- Salvatore Bonaccorso <email address hidden>  Sat, 26 Oct 2013 21:47:22 +0200

roundcube (0.9.4-1) unstable; urgency=low

  * New upstream version.
    + Fix CVE-2013-5645 (Closes: #721592)
    + "Enigma" plugin has been removed.

 -- Vincent Bernat <email address hidden>  Sun, 08 Sep 2013 13:52:46 +0200