oss-sec mailing list archives

Re: CVE Request - roundcubemail

From: Raphael Geissert <atomo64+debian () gmail com>
Date: Fri, 12 Dec 2008 19:45:17 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Jan Lieskovsky wrote:

Hello Steve,

  this will need a new CVE identifier:
http://trac.roundcube.net/ticket/1485618
http://trac.roundcube.net/changeset/2148


I became aware of some sort of code execution vulnerability one day before that
ticket was reported. After reviewing the file I determined that it isn't a
vulnerability in roundcube, but in PHP itself; but I'm open to be proved wrong.

Note that I have not yet determined how exactly the vulnerability is being
exploited, but am working on it.

Cheers,
- -- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklDE64ACgkQYy49rUbZzlpO+QCfWpIGeSzor9+Su4bKGB640jq/
mp8AoJ/7u4opntkHMBIUt8KomFXSW9Ts
=gYTB
-----END PGP SIGNATURE-----

Current thread:

CVE Request - roundcubemail Jan Lieskovsky (Dec 12)
- Re: CVE Request - roundcubemail Raphael Geissert (Dec 13)
  - Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
    - Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
    - Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 13)
    - Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 16)
    - Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 17)
    - Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 17)
    - Re: Re: CVE Request - roundcubemail Steven M. Christey (Dec 24)
    - Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 28)
    - Re: Re: CVE Request - roundcubemail Jan Lieskovsky (Dec 15)
    - Re: Re: CVE Request - roundcubemail Florian Weimer (Dec 15)

(Thread continues...)