Debian: DSA-3541-1: roundcube security update
Debian: DSA-3541-1: roundcube security update
High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3541-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond April 05, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : roundcube CVE ID : CVE-2015-8770 High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code. For the oldstable distribution (wheezy), this problem has been fixed in version 0.7.2-9+deb7u2. For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 1.1.4+dfsg.1-1. We recommend that you upgrade your roundcube packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.