roundcube 1.2.3+dfsg.1-4+deb9u2 source package in Debian
Changelog
roundcube (1.2.3+dfsg.1-4+deb9u2) stretch-security; urgency=high
* Backport fix for CVE-2018-9846: When the archive plugin enabled and
configured, it's possible to exploit the unsanitized, user-controlled
"_uid" parameter to perform an MX (IMAP) injection attack.
https://github.com/roundcube/roundcubemail/issues/6238
(Closes: #895184).
* Backport fix for CVE-2018-1000071: Insecure Permissions vulnerability in
enigma plugin that can result in exfiltration of gpg private key.
https://github.com/roundcube/roundcubemail/issues/6173
-- Guilhem Moulin <email address hidden> Sat, 21 Apr 2018 01:51:56 +0200
Upload details
- Uploaded by:
- Debian Roundcube Maintainers
- Uploaded to:
- Stretch
- Original maintainer:
- Debian Roundcube Maintainers
- Architectures:
- all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| roundcube_1.2.3+dfsg.1-4+deb9u2.dsc | 2.4 KiB | 78d77a87e616607ac6adeb0c0e8994d50fdd1373d7dd36913d871247f7092814 |
| roundcube_1.2.3+dfsg.1.orig.tar.gz | 3.2 MiB | f3c4b66ee33edc92025e3fad003ea9cf92f2577b5a0ca6acfd5168d67abd6a20 |
| roundcube_1.2.3+dfsg.1-4+deb9u2.debian.tar.xz | 4.2 MiB | 85746595e5f4da97b08901816975bfd519995cceab206ba2436d00eddf562329 |
No changes file available.
