Date: Wed, 08 Nov 2017 23:42:47 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 223547] mail/roundcube: Update to 1.3.3, fixes security vulnerability (CVE-2017-16651) Message-ID: <bug-223547-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223547 Bug ID: 223547 Summary: mail/roundcube: Update to 1.3.3, fixes security vulnerability (CVE-2017-16651) Product: Ports & Packages Version: Latest Hardware: Any URL: https://roundcube.net/news/2017/11/08/security-updates -1.3.3-1.2.7-and-1.1.10 OS: Any Status: New Keywords: patch, security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ale@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com Assignee: ale@FreeBSD.org Flags: maintainer-feedback?(ale@FreeBSD.org), merge-quarterly? Created attachment 187870 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D187870&action= =3Dedit Update roundcube to 1.3.3 A security vulnerability has been discovered in Roundcube, and "... is alre= ady being used by hackers to read Roundcube=E2=80=99s configuration files. It r= equires a valid username/password as the exploit only works with a valid session. More details will be published soon under CVE-2017-16651." * https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.= 1.10 Attached is a version bump patch. Builds with Poudriere, 11.1, amd64. VuXML entry pending. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-223547-13>