oss-sec mailing list archives
Re: CVE Request - roundcubemail
From: Raphael Geissert <atomo64+debian () gmail com>
Date: Fri, 12 Dec 2008 19:45:17 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Jan Lieskovsky wrote:
Hello Steve, this will need a new CVE identifier: http://trac.roundcube.net/ticket/1485618 http://trac.roundcube.net/changeset/2148
I became aware of some sort of code execution vulnerability one day before that ticket was reported. After reviewing the file I determined that it isn't a vulnerability in roundcube, but in PHP itself; but I'm open to be proved wrong. Note that I have not yet determined how exactly the vulnerability is being exploited, but am working on it. Cheers, - -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAklDE64ACgkQYy49rUbZzlpO+QCfWpIGeSzor9+Su4bKGB640jq/ mp8AoJ/7u4opntkHMBIUt8KomFXSW9Ts =gYTB -----END PGP SIGNATURE-----
Current thread:
- CVE Request - roundcubemail Jan Lieskovsky (Dec 12)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 16)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 17)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 17)
- Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 24)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 28)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
- Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 15)
- Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 15)