[SECURITY] [DLA 933-1] roundcube security update

Package        : roundcube
Version        : 0.7.2-9+deb7u7
CVE ID         : CVE-2017-8114
Debian Bug     : 861388

Roundcube Webmail allows arbitrary password resets by authenticated users.
The issue is caused by an improperly restricted exec call in the virtualmin
and sasl drivers of the password plugin.

For Debian 7 "Wheezy", these problems have been fixed in version
0.7.2-9+deb7u7.

We recommend that you upgrade your roundcube packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS