-------------------------------------------------------------------------
Debian LTS Advisory DLA-4211-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
June 09, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : roundcube
Version        : 1.4.15+dfsg.1-1+deb11u5
CVE ID         : CVE-2025-49113
Debian Bug     : 1107073

Kirill Firsov discovered that Roundcube, a skinnable AJAX based webmail
solution for IMAP servers, was performing PHP Object deserialization on
unvalidated input, which could lead to remote code execution by an
authenticated attacker.

For Debian 11 bullseye, these problems have been fixed in version
1.4.15+dfsg.1-1+deb11u5.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS