From 79f0deac0f604e4057704808be947a1cf4761cd8 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 7 Jul 2015 14:35:39 +0000 Subject: [PATCH] Document roundcube vulnerabilities Security: CVE-2015-5381 Security: CVE-2015-5383 --- security/vuxml/vuln.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c98ec8b4f4d1..c7a4fe87d801 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,45 @@ Notes: --> + + roundcube - multiple vulnerabilities + + + roundcube + 1.1.0,11.1.2,1 + 1.0.6,1 + + + + +

Roundcube reports:

+
+

We just published updates to both stable versions 1.0 and + 1.1 after fixing many minor bugs and adding some security improvements + to the 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes + from the more recent version to ensure proper long term support + especially in regards of security and compatibility. + + The security-related fixes in particular are: + + * XSS vulnerability in _mbox argument + * security improvement in contact photo handling + * potential info disclosure from temp directory

+
+ +
+ + CVE-2015-5381 + CVE-2015-5383 + http://openwall.com/lists/oss-security/2015/07/06/10 + https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/ + + + 2015-05-30 + 2015-07-7 + +
+ turnserver -- SQL injection vulnerability
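Review bot: the entry date at the end of the new roundcube entry is written as 2015-07-7, while the discovery date directly above it uses the zero-padded form 2015-05-30; change it to 2015-07-07 so both dates follow the same YYYY-MM-DD format. Separately, the quoted advisory lists three security-related fixes (XSS in the _mbox argument, contact photo handling, temp directory info disclosure), but the references carry only CVE-2015-5381 and CVE-2015-5383, so it would help to note in the entry or the commit message which of the three items has no CVE, if that is intentional.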