[Pkg-roundcube-maintainers] Bug#895184: Bug#895184: roundcube: CVE-2018-9846: check_request() bypass in archive plugin
Guilhem Moulin
guilhem at debian.org
Mon Apr 9 11:25:20 BST 2018
Hi Salvatore,
Thanks for the poke! Upstream fixed this earlier today:
https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0
> If you fix the vulnerability please also make sure to include the CVE
> (Common Vulnerabilities & Exposures) id in your changelog entry.
Can upload in one hour or two.
Cheers,
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20180409/57cbd026/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list