Hi, will there also be a fixed wheezy-backports version? It is at 0.9.5.
Regards Christoph Am 08.12.2016 um 20:01 schrieb Chris Lamb: > Package : roundcube > Version : 0.7.2-9+deb7u5 > Debian Bug : 847287 > > It was discovered that there was a vulnerability where a remote user could > execute arbitrary commands in Roundcube, a webmail solution for IMAP > servers, by sending a specially crafted email. > > This was due to lack of sanitisation of the arguments to PHP's "mail" > function. > > For Debian 7 "Wheezy", this issue has been fixed in roundcube version > 0.7.2-9+deb7u5. > > We recommend that you upgrade your roundcube packages. > > > Regards, > > -- ============================================================================ Christoph Martin, Leiter Unix-Systeme Zentrum für Datenverarbeitung, Uni-Mainz, Germany Anselm Franz von Bentzel-Weg 12, 55128 Mainz Telefon: +49(6131)3926337 Instant-Messaging: Jabber: mar...@uni-mainz.de (Siehe http://www.zdv.uni-mainz.de/4010.php)
<<attachment: martin.vcf>>
signature.asc
Description: OpenPGP digital signature
