Bug 463554 (CVE-2013-1904)

Summary: <mail-client/roundcube-0.8.6: generic_message_footer File disclosure (CVE-2013-1904)
Product: Gentoo Security
Reporter: Philippe Chaintreuil <gentoo_bugs_peep>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://sourceforge.net/news/?group_id=139281&id=310497
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Philippe Chaintreuil 2013-03-28 00:55:05 UTC
Roundcube has released a bug fix version of their new 0.8.x line.  Contains a bug fix for "a recently reported vulnerability that allows an attacker to access files on the server."  (Attacker in this case is a user of your mail system, not a random joe from anywhere.)

I haven't tried yet, but usually just renaming the last ebuild is all roundcube needs to be updated.

Reproducible: Always

Security issue, so I'm going to mark critical.  Let me know if I shouldn't have.
Comment 1 Philippe Chaintreuil 2013-03-28 01:01:46 UTC
I just noticed that we've added 0.9 beta & RC1 to the tree.  It looks like they've released 0.9 RC2 to address this.
Comment 2 Tim Harder gentoo-dev 2013-03-28 02:43:27 UTC
Arches please stabilize:
=mail-client/roundcube-0.8.6
Comment 3 Vicente Olivert Riera (RETIRED) gentoo-dev 2013-03-28 14:49:47 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-03-30 09:37:29 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-03-30 12:58:33 UTC
x86 stable
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-31 14:49:49 UTC
Ready for vote, I vote NO.
Comment 7 Agostino Sarubbo gentoo-dev 2013-04-02 12:09:34 UTC
arm stable
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-06 21:13:55 UTC
GLSA vote: no. 

Closing noglsa.