Summary: | <mail-client/roundcube-{1.3.11,1.4.4}: Multiple vulnerabilities (CVE-2020-{12641,12625,12626,12640}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ajak, bertrand, dan, titanofold, web-apps |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=720142 https://bugs.gentoo.org/show_bug.cgi?id=720144 https://bugs.gentoo.org/show_bug.cgi?id=711270 https://bugs.gentoo.org/show_bug.cgi?id=726944 |
||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: |
mail-client/roundcube-1.3.11
|
Runtime testing required: | --- |
Description
Sam James
2020-05-04 03:58:09 UTC
@maintainer(s), please bump to 1.4.4 and 1.3.11. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08d3ce13b04dd7fb41103d143630e2751f36faf8 commit 08d3ce13b04dd7fb41103d143630e2751f36faf8 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-05-11 10:50:56 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-05-11 10:52:09 +0000 mail-client/roundcube: bump to v1.311 Bug: https://bugs.gentoo.org/720876 Closes: https://bugs.gentoo.org/720144 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> mail-client/roundcube/Manifest | 1 + mail-client/roundcube/roundcube-1.3.11.ebuild | 97 +++++++++++++++++++++++++++ 2 files changed, 98 insertions(+) x86 stable sparc stable @amd64, ping PPC, PPC64, ARM, AMD64? arm stable Looking good on ppc64. # cat roundcube-720876.report USE tests started on Sa 27. Jun 13:39:23 CEST 2020 FEATURES=' test' USE='mysql' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password enigma -ldap -managesieve mysql postgres spell -sqlite -ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password enigma ldap managesieve mysql postgres spell sqlite -ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma -ldap -managesieve -mysql postgres -spell -sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password enigma -ldap -managesieve -mysql -postgres -spell sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma ldap -managesieve mysql postgres -spell sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password -enigma -ldap managesieve -mysql -postgres spell sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma ldap managesieve mysql -postgres spell sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma -ldap managesieve mysql postgres spell -sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password enigma ldap managesieve -mysql -postgres spell sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma -ldap -managesieve mysql postgres spell sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma -ldap managesieve mysql -postgres -spell sqlite ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma ldap managesieve -mysql -postgres spell sqlite ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 Looking good on ppc. # cat roundcube-720876.report USE tests started on Sa 27. Jun 17:52:40 CEST 2020 FEATURES=' test' USE='mysql' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma -ldap -managesieve mysql postgres spell -sqlite -ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma -ldap managesieve mysql -postgres -spell sqlite -ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma -ldap managesieve mysql postgres spell sqlite -ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password enigma ldap managesieve mysql -postgres spell -sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma ldap -managesieve -mysql postgres spell -sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma -ldap -managesieve -mysql -postgres spell sqlite ssl -vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password -enigma ldap managesieve mysql postgres -spell -sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma -ldap managesieve mysql postgres -spell sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password enigma ldap -managesieve mysql -postgres spell sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password enigma ldap managesieve mysql postgres spell sqlite -ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='change-password -enigma -ldap -managesieve mysql postgres -spell sqlite ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 USE='-change-password -enigma -ldap managesieve -mysql postgres spell sqlite ssl vhosts' succeeded for =mail-client/roundcube-1.3.11 ppc/ppc64 stable thanks to ernsteiswuerfel \o/ amd64: ping amd64 stable ---- Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=637bca0e8feef63e8d6578d81bf342ac1d8e1e65 commit 637bca0e8feef63e8d6578d81bf342ac1d8e1e65 Author: Aaron W. Swenson <titanofold@gentoo.org> AuthorDate: 2020-07-23 20:31:54 +0000 Commit: Aaron W. Swenson <titanofold@gentoo.org> CommitDate: 2020-07-23 20:39:56 +0000 mail-client/roundcube: Cleanup Bug: https://bugs.gentoo.org/720876 Bug: https://bugs.gentoo.org/726944 Closes: https://bugs.gentoo.org/705388 Package-Manager: Portage-2.3.99, Repoman-2.3.23 Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org> mail-client/roundcube/Manifest | 7 -- mail-client/roundcube/roundcube-1.3.10.ebuild | 96 --------------------------- mail-client/roundcube/roundcube-1.3.8.ebuild | 96 --------------------------- mail-client/roundcube/roundcube-1.3.9.ebuild | 96 --------------------------- mail-client/roundcube/roundcube-1.4.0.ebuild | 73 -------------------- mail-client/roundcube/roundcube-1.4.1.ebuild | 73 -------------------- mail-client/roundcube/roundcube-1.4.2.ebuild | 73 -------------------- mail-client/roundcube/roundcube-1.4.3.ebuild | 73 -------------------- 8 files changed, 587 deletions(-) This issue was resolved and addressed in GLSA 202007-41 at https://security.gentoo.org/glsa/202007-41 by GLSA coordinator Sam James (sam_c). |