FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- multiple vulnerabilities

Affected packages
1.1.0,1 <= roundcube < 1.1.2,1
roundcube < 1.0.6,1


VuXML ID 038a5808-24b3-11e5-b0c8-bf4d8935d4fa
Discovery 2015-05-30
Entry 2015-07-07

Roundcube reports:

We just published updates to both stable versions 1.0 and 1.1 after fixing many minor bugs and adding some security improvements to the 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes from the more recent version to ensure proper long term support especially in regards of security and compatibility.

The security-related fixes in particular are:

* XSS vulnerability in _mbox argument
* security improvement in contact photo handling
* potential info disclosure from temp directory


CVE Name CVE-2015-5381
CVE Name CVE-2015-5383