Bug 223557 - security/vuxml: Document vulnerability in roundcube (CVE-2017-16651)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Danilo G. Baio
URL: https://github.com/roundcube/roundcub...
Keywords: patch, security
Depends on:
Blocks: 223547
Reported: 2017-11-09 11:16 UTC by VK
Modified: 2017-11-11 17:30 UTC

Attachments
Document CVE-2017-16651 (1.57 KB, patch)
2017-11-09 11:16 UTC, VK

Description VK freebsd_triage 2017-11-09 11:16:04 UTC
Created attachment 187878
Document CVE-2017-16651

Roundcube before 1.3.3 contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.

Attached is a patch that documents this.

The port has been updated (See bug #223547).
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-11-11 17:30:05 UTC
A commit references this bug:

Author: dbaio
Date: Sat Nov 11 17:29:26 UTC 2017
New revision: 453982
URL: https://svnweb.freebsd.org/changeset/ports/453982

Log:
  security/vuxml: Document vulnerability in mail/roundcube

  PR:		223557
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:	CVE-2017-16651

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Danilo G. Baio freebsd_committer freebsd_triage 2017-11-11 17:30:59 UTC
Committed with slight changes, thanks!