Hi, will there also be a fixed wheezy-backports version? It is at 0.9.5. Regards Christoph Am 08.12.2016 um 20:01 schrieb Chris Lamb: > Package : roundcube > Version : 0.7.2-9+deb7u5 > Debian Bug : 847287 > > It was discovered that there was a vulnerability where a remote user could > execute arbitrary commands in Roundcube, a webmail solution for IMAP > servers, by sending a specially crafted email. > > This was due to lack of sanitisation of the arguments to PHP's "mail" > function. > > For Debian 7 "Wheezy", this issue has been fixed in roundcube version > 0.7.2-9+deb7u5. > > We recommend that you upgrade your roundcube packages. > > > Regards, > > -- ============================================================================ Christoph Martin, Leiter Unix-Systeme Zentrum für Datenverarbeitung, Uni-Mainz, Germany Anselm Franz von Bentzel-Weg 12, 55128 Mainz Telefon: +49(6131)3926337 Instant-Messaging: Jabber: martin@uni-mainz.de (Siehe http://www.zdv.uni-mainz.de/4010.php)
begin:vcard fn:Christoph Martin n:Martin;Christoph org;quoted-printable;quoted-printable:Johannes Gutenberg-Universit=C3=A4t Mainz;Zentrum f=C3=BCr Datenverarbeitung adr:;;Anselm Franz von Bentzel-Weg 12;Mainz;Rheinland-Pfalz;55128;Germany email;internet:martin@uni-mainz.de title:Leiter Unix-Systeme tel;work:+49-6131-3926337 tel;fax:+49-6131-3926407 tel;cell:+49-179-7952652 x-mozilla-html:FALSE version:2.1 end:vcard
Attachment:
signature.asc
Description: OpenPGP digital signature