Comment 1 Agostino Sarubbo 2011-03-24 11:11:52 UTC

amd64 ok

Comment 2 Christoph Mende (RETIRED) 2011-03-24 13:16:01 UTC

amd64 done, thanks Agostino

Comment 3 Paweł Hajdan, Jr. (RETIRED) 2011-03-26 11:51:38 UTC

This is a security update.

Comment 4 Brent Baude (RETIRED) 2011-03-26 14:48:23 UTC

ppc done

Comment 5 David Abbott (RETIRED) 2011-03-26 20:56:14 UTC

Tested on x86, all good here ...

Comment 6 Andreas Schürch 2011-03-28 18:45:30 UTC

(In reply to comment #5)
> Tested on x86, all good here ...

+1 :-)

Comment 7 Christian Faulhammer (RETIRED) 2011-03-28 20:12:37 UTC

x86 stable, thanks Andreas and David.

Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) 2011-03-29 03:51:47 UTC

ppc64 stable,

Comment 9 Raúl Porcel (RETIRED) 2011-04-02 15:43:44 UTC

arm stable, sparc is not stable

Comment 10 Tim Sammut (RETIRED) 2011-04-02 15:52:32 UTC

Thanks, everyone. Closing noglsa since these are CSRF vulns.

Comment 11 GLSAMaker/CVETool Bot 2011-06-13 23:25:47 UTC

CVE-2011-1492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1492):
  steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly
  verify that a request is an expected request for an external Cascading Style
  Sheets (CSS) stylesheet, which allows remote authenticated users to trigger
  arbitrary outbound TCP connections from the server, and possibly obtain
  sensitive information, via a crafted request.

CVE-2011-1491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1491):
  The login form in Roundcube Webmail before 0.5.1 does not properly handle a
  correctly authenticated but unintended login attempt, which makes it easier
  for remote authenticated users to obtain sensitive information by arranging
  for a victim to login to the attacker's account and then compose an e-mail
  message, related to a "login CSRF" issue.