[Pkg-roundcube-maintainers] Bug#536498: Please backport roundcube CVE-2008-5619
Benjamin Bannier
benni at netronaut.de
Fri Jul 10 14:21:56 UTC 2009
Package: roundcube
Version: 0.2.2-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
I have roundcube 0.1.1.10 installed from backports, and I see people
exploiting roundcube CVE-2008-5619
(http://trac.roundcube.net/ticket/1485618).
Any chance the fix mentioned there could be backported to etch?
For now I pulled the version from unstable on my system.
Best,
Benjamin
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages roundcube depends on:
ii roundcube-core 0.2.2-1 skinnable AJAX based webmail solut
roundcube recommends no packages.
Versions of packages roundcube-core depends on:
ii apache2 2.2.3-4+etch8 Next generation, scalable, extenda
ii apache2-mpm-prefork 2.2.3-4+etch8 Traditional model for Apache HTTPD
ii dbconfig-common 1.8.29+etch1 common framework for packaging dat
ii debconf [debconf-2.0 1.5.11etch2 Debian configuration management sy
ii libmagic1 4.17-5etch3 File type determination library us
ii php-auth 1.2.4-0.1 PHP PEAR modules for creating an a
ii php-mail-mime 1.5.2-0.1 PHP PEAR module for creating MIME
ii php-mdb2 2.5.0b2-1 PHP PEAR module to provide a commo
ii php-net-smtp 1.2.6-2 PHP PEAR module implementing SMTP
ii php-net-socket 1.0.6-2 PHP PEAR Network Socket Interface
ii php5 5.2.0+dfsg-8+etch15 server-side, HTML-embedded scripti
ii php5-gd 5.2.0+dfsg-8+etch15 GD module for php5
ii php5-mcrypt 5.2.0+dfsg-8+etch15 MCrypt module for php5
ii php5-pspell 5.2.0+dfsg-8+etch15 pspell module for php5
ii roundcube-sqlite 0.2.2-1 metapackage providing sqlite depen
ii tinymce 3.2.1.1-0.1 platform independent web based Jav
ii ucf 2.0020 Update Configuration File: preserv
-- debconf information:
* roundcube/dbconfig-install: true
* roundcube/db/dbname: roundcube
roundcube/pgsql/authmethod-admin: ident
roundcube/pgsql/admin-user: postgres
roundcube/internal/skip-preseed: false
roundcube/db/app-user:
roundcube/dbconfig-reinstall: false
* roundcube/restart-webserver: false
roundcube/dbconfig-upgrade: true
roundcube/remote/port:
roundcube/pgsql/no-empty-passwords:
roundcube/passwords-do-not-match:
roundcube/internal/reconfiguring: false
roundcube/upgrade-error: abort
roundcube/pgsql/authmethod-user: password
roundcube/purge: false
* roundcube/language: de_DE
roundcube/remote/newhost:
roundcube/pgsql/changeconf: false
roundcube/upgrade-backup: true
roundcube/install-error: abort
roundcube/mysql/admin-user: root
* roundcube/hosts: netronaut.de:6666
roundcube/dbconfig-remove:
roundcube/mysql/method: unix socket
roundcube/remove-error: abort
roundcube/pgsql/method: unix socket
roundcube/pgsql/manualconf:
* roundcube/db/basepath: /var/lib/dbconfig-common/sqlite/roundcube
* roundcube/reconfigure-webserver: apache2
* roundcube/database-type: sqlite
roundcube/remote/host: