Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 00d5ba68 by Salvatore Bonaccorso at 2018-03-21T09:22:36+01:00 Reference commit related to CVE-2018-1000071 Commit https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5 removes the default fallback for enigma_pgp_homedir. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -4073,6 +4073,7 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permi [stretch] - roundcube <no-dsa> (Minor issue) [wheezy] - roundcube <no-dsa> (Minor issue) NOTE: https://github.com/roundcube/roundcubemail/issues/6173 + NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5 NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt NOTE: Can be mitigated by moving home folder outside the scope of the webserver CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/00d5ba687238ee6b306d346a1ab33f7d56d16a63 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/00d5ba687238ee6b306d346a1ab33f7d56d16a63 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits