oss-sec mailing list archives
Re: Re: CVE Request - roundcubemail
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 13 Dec 2008 19:07:59 +0100
* Florian Weimer:
* Raphael Geissert:I became aware of some sort of code execution vulnerability one day before that ticket was reported. After reviewing the file I determined that it isn't a vulnerability in roundcube, but in PHP itself; but I'm open to be proved wrong.I think this is a documented feature of preg_replace with the "e" flag, comparable to what happens when you use string concatenation to create SQL statements.
Scratch that, I had an off-by-one error in matching search/replace terms. 8-( Therefore, I agree with Raphael that the issue has not been found yet.
Current thread:
- CVE Request - roundcubemail Jan Lieskovsky (Dec 12)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 16)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 17)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 17)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 24)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 28)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 15)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 15)
- Re: Re: CVE Request - roundcubemail Christian Hoffmann (Dec 15)
- Re: Re: CVE Request - roundcubemail Raphael Geissert (Dec 16)