[Git][security-tracker-team/security-tracker][master] roundcube CVEfied plus additional references
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 2 09:31:37 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b907cf8f by Moritz Muehlenhoff at 2025-06-02T10:31:12+02:00
roundcube CVEfied plus additional references
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,7 +49,12 @@ CVE-2025-5113 (The Diviotec professional series exposes a web interface. One end
CVE-2025-4010 (The Netcom NTC 6200 and NWL 222 series expose a web interface to be co ...)
NOT-FOR-US: Netcom NTC 6200 and NWL 222 series
CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote ...)
- TODO: check
+ - roundcube 1.6.11+dfsg-1 (bug #1107073)
+ NOTE: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
+ NOTE: https://github.com/roundcube/roundcubemail/pull/9865
+ NOTE: https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d (1.6.11)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695 (1.5.10)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e (1.5.10)
CVE-2025-49112 (setDeferredReply in networking.c in Valkey through 8.1.1 has an intege ...)
TODO: check
CVE-2025-3951 (The WP-Optimize WordPress plugin before 4.2.0 does not properly escap ...)
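Review bot: The two NOTE lines tagged (1.5.10) in the new CVE-2025-49113 entry do not say how commits 7408f313 and c50a07d8 relate to each other, so someone backporting to the 1.5 series cannot tell from the entry whether both are required or whether one is a follow-up to the other. A short qualifier after each tag would settle that. The pull/9865 NOTE likewise carries no hint of which branch or commit it corresponds to. The package line, fixed version and bug number match the temporary entry this commit removes further down, so nothing was lost there.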
@@ -82,10 +87,6 @@ CVE-2025-0324 (The VAPIX Device Configuration framework allowed a privilege esca
NOT-FOR-US: Axis Communication
CVE-2024-11857 (Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. ...)
NOT-FOR-US: Realtek
-CVE-2025-XXXX [Post-Auth RCE via PHP Object Deserialization]
- - roundcube 1.6.11+dfsg-1 (bug #1107073)
- NOTE: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
- NOTE: https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d (v1.6.11)
CVE-2025-5406 (A vulnerability, which was classified as critical, was found in chaita ...)
NOT-FOR-US: chaitak-gorai Blogbook
CVE-2025-5405 (A vulnerability, which was classified as problematic, has been found i ...)
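Review bot: Dropping the temporary CVE-2025-XXXX entry also drops its bracketed title, "Post-Auth RCE via PHP Object Deserialization", and none of the NOTE lines added under CVE-2025-49113 restate it. The CVE description shown in the first hunk is truncated at "allows remote ...", so the entry as visible here no longer states that the issue is post-authentication or that it is a deserialization flaw. If the full description does not cover both points, consider keeping them in a NOTE line under CVE-2025-49113, since the post-auth precondition matters for triage.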
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b907cf8fc7341b47b670fd7b4230593b46ecff88