[Pkg-roundcube-maintainers] Bug#727668: roundcube:CVE-2013-6172: vulnerability in handling _session argument of utils/save-prefs
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 25 06:52:09 UTC 2013
Package: roundcube
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for roundcube.
CVE-2013-6172[0]:
vulnerability in handling _session argument of utils/save-prefs
See [1] for further information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6172
http://security-tracker.debian.org/tracker/CVE-2013-6172
[1] http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
[2] http://trac.roundcube.net/ticket/1489382
Please adjust the affected versions in the BTS as needed (not yet
verified if also roundcube in oldstable/squeeze is affected).
Do you have a chance to prepare packages also for wheezy-security (and
squeeze-security if affected)?
Regards,
Salvatore