Summary: | <mail-client/roundcube-1.1.4: Remote Code Execution (CVE-2015-8770) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | candrews, dan, titanofold, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.htbridge.com/advisory/HTB23283 | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Yury German
2015-12-31 07:22:52 UTC
commit 8a3bcf93eba9de75950be6b0cf1c09b3edf36171
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date: Thu Jan 14 13:45:54 2016 -0500

mail-client/roundcube: Version Bump

Version bump fixes bug 570834 and addresses multiple security bugs.

Bug: 570834,564476,570336

Package-Manager: portage-2.2.20.1

Stabilization targets:
=mail-client/roundcube-1.1.4 ~amd64 ~hppa ~ppc ~sparc ~x86

Stabilization targets pending resolution of 571920:
=mail-client/roundcube-1.1.4 ~arm ~ppc64

ppc stable

Why is PPC64 even here? Same for HPPA.

x86 done

arm stable

sparc has nothing to do here

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

commit fddb2b8c50395843639b43ea9a908a94bc887924
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date: Thu Jan 21 08:51:17 2016 -0500

mail-client/roundcube: Remove Insecure Versions

Removed insecure versions 1.0.5, 1.0.6, and 1.1.3.

Bug: 554866, 564476, 570336

Package-Manager: portage-2.2.26

New GLSA request filed

CVE has been published. Removing block as this is all in one GLSA across multiple versions.

This issue was resolved and addressed in GLSA 201603-03 at https://security.gentoo.org/glsa/201603-03 by GLSA coordinator Sergey Popov (pinkbyte).