FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- arbitrary file disclosure vulnerability

Affected packages
roundcube < 0.8.6,1

Details

VuXML ID a592e991-a919-11e2-ade0-8c705af55518
Discovery 2013-03-27
Entry 2013-04-19

RoundCube development team reports:

After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issue.

References

CVE Name CVE-2013-1904
URL https://secunia.com/advisories/52806/