FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- multiple vulnerabilities

Affected packages
1.1.0,1 <= roundcube < 1.1.2,1
roundcube < 1.0.6,1

Details

VuXML ID 038a5808-24b3-11e5-b0c8-bf4d8935d4fa
Discovery 2015-05-30
Entry 2015-07-07

Roundcube reports:

We just published updates to both stable versions 1.0 and 1.1 after fixing many minor bugs and adding some security improvements to the 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from the more recent version to ensure proper long-term support, especially with regard to security and compatibility.

The security-related fixes in particular are:

* XSS vulnerability in _mbox argument
* security improvement in contact photo handling
* potential info disclosure from temp directory

References

CVE Name CVE-2015-5381
CVE Name CVE-2015-5383
Message http://openwall.com/lists/oss-security/2015/07/06/10
URL https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/