Debian Bug report logs -
#791643
roundcube: CVE-2015-5381 CVE-2015-5382 CVE-2015-5383
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 7 Jul 2015 05:03:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in version roundcube/1.1.1+dfsg.1-1
Fixed in version 1.1.2+dfsg.1-1
Done: Sandro Knauß <bugs@sandroknauss.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
:
Bug#791643
; Package src:roundcube
.
(Tue, 07 Jul 2015 05:03:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
.
(Tue, 07 Jul 2015 05:03:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: roundcube
Version: 1.1.1+dfsg.1-1
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for roundcube.
CVE-2015-5381[0]:
XSS vulnerability in _mbox argument
CVE-2015-5382[1]:
security improvement in contact photo handling
CVE-2015-5383[2]:
potential info disclosure from temp directory
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5381
[1] https://security-tracker.debian.org/tracker/CVE-2015-5382
[2] https://security-tracker.debian.org/tracker/CVE-2015-5383
Regards,
Salvatore
Reply sent
to bugs@sandroknauss.de
:
You have taken responsibility.
(Fri, 21 Aug 2015 06:57:04 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 21 Aug 2015 06:57:04 GMT) (full text, mbox, link).
Message #10 received at 791643-done@bugs.debian.org (full text, mbox, reply):
Version: 1.1.2+dfsg.1-1
since it was not done via the changelog.
Reagards,
sandro
--
Am Dienstag, 7. Juli 2015, 06:58:05 schrieb Salvatore Bonaccorso:
> Source: roundcube
> Version: 1.1.1+dfsg.1-1
> Severity: important
> Tags: security upstream fixed-upstream
>
> Hi,
>
> the following vulnerabilities were published for roundcube.
>
> CVE-2015-5381[0]:
> XSS vulnerability in _mbox argument
>
> CVE-2015-5382[1]:
> security improvement in contact photo handling
>
> CVE-2015-5383[2]:
> potential info disclosure from temp directory
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5381
> [1] https://security-tracker.debian.org/tracker/CVE-2015-5382
> [2] https://security-tracker.debian.org/tracker/CVE-2015-5383
>
> Regards,
> Salvatore
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 03 Dec 2015 07:28:24 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:28:57 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.