roundcube 1.2.3+dfsg.1-4 source package in Debian
Changelog
roundcube (1.2.3+dfsg.1-4) unstable; urgency=high * Backport fix for CVE-2017-8114: Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. (Closes: #861388). -- Guilhem Moulin <email address hidden> Mon, 01 May 2017 23:37:14 +0200
Upload details
- Uploaded by:
- Debian Roundcube Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Roundcube Maintainers
- Architectures:
- all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
roundcube_1.2.3+dfsg.1-4.dsc | 2.4 KiB | bc98b29226e77b6dc5f70eb4826e8539536cb341604f90ba81aa8deef53b6a83 |
roundcube_1.2.3+dfsg.1.orig.tar.gz | 3.2 MiB | f3c4b66ee33edc92025e3fad003ea9cf92f2577b5a0ca6acfd5168d67abd6a20 |
roundcube_1.2.3+dfsg.1-4.debian.tar.xz | 4.2 MiB | 6e640a46f38dedd6e36015e66522a6756258878a04a047b39758a84ba97f1f57 |
Available diffs
No changes file available.