-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : roundcube Version : 0.7.2-9+deb7u5 Debian Bug : 847287
It was discovered that there was a vulnerability where a remote user could execute arbitrary commands in Roundcube, a webmail solution for IMAP servers, by sending a specially crafted email. This was due to lack of sanitisation of the arguments to PHP's "mail" function. For Debian 7 "Wheezy", this issue has been fixed in roundcube version 0.7.2-9+deb7u5. We recommend that you upgrade your roundcube packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhJrckACgkQHpU+J9Qx Hlgkeg/7BR8+OXVKZhJwepA6HKVtZ7csUeQ+tRKXM7m9MmMJiMXbS8LCpAs7d2QG np+qWomusv24j/y3ndRsN3qTOPfu/7j9Xd133vrK/RSsbBF2wIuH+6pPhP5Af9Mk obmhNUpnn0US4tH8tNgesgBi3WLyzKtsswbVTicBTYQAL32yTGsmYQ0WHHlE5XcK achr4djIzV9C2uxazg7jXsOpp6V7y02rRtdoPcBtLudzDdSjyfgUyR7k/7ELm82Q oFWKZvfd3p/IgqBLBaBabVxDhUfgFvbo2pJhg18D+nbSkMHjut8sUC9KsPtAY03Q CGHH29C+5Rm+cT1joPxthFksL6GvjP37EWBKGpF0WZ3109A8I/+cnO3uadA3SgSE pTqZuuOJVk+RKBsJmJTvJBoMFoZDRFw7386s1WwgxRs3cIg0SgfknAsl/b4GTT/z WS32EqgBPdTYplyDn/GfCwwEuY7j8SD866JCU7qIwG9s2qm/cEaA8k75HkVaRH85 E4yh7ot6Hq7nhPQzE+ncoqUJXRdNi+DqdDmuMeVl1HXCx9jj/soyF3hxgFBDY1dc xfbTsvAX40S3rXu57j0Z6v3TT5bsMy56zCer8NeqF/6H3KzxXHREJE8q28in2hRq 9CzjKiuEWm4TnEromud4+B0NP5+bZIKAN2BvNhpwGFTD8lRvlWo= =tczY -----END PGP SIGNATURE-----