[Bug 316550] Re: [CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited
Launchpad Bug Tracker
316550 at bugs.launchpad.net
Thu Feb 26 15:11:08 UTC 2009
This bug was fixed in the package roundcube - 0.1~rc2-6ubuntu0.1
---------------
roundcube (0.1~rc2-6ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: denial of service (memory consumption) via
crafted size parameters that are used to create a large quota
image - CVE-2008-5620 (LP: #316550)
- debian/patches/cve-2008-5620.patch
+ Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
code via crafted input that is processed by the preg_replace
function with the eval switch. - CVE-2008-56-19 (LP: #316550)
- debian/patches/cve-2008-5619.patch
+ Backport from Debian.
-- Andrew Starr-Bochicchio <a.starr.b at gmail.com> Thu, 19 Feb 2009
13:06:58 -0500
--
[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited
https://bugs.launchpad.net/bugs/316550
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list