[Pkg-roundcube-maintainers] Bug#897014: roundcube: CVE-2018-1000071
carnil at debian.org
Fri Apr 27 06:50:30 BST 2018
Tags: security upstream
The following vulnerability was published for roundcube, filling just
a bug in the BTS to keep a BTS reference for it, as discussed enigma
plugin is not working out of the box on its own currently.
| roundcube version 1.3.4 and earlier contains an Insecure Permissions
| vulnerability in enigma plugin that can result in exfiltration of gpg
| private key. This attack appear to be exploitable via network
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
More information about the Pkg-roundcube-maintainers