FreeBSD Bugzilla – Attachment 260885 Details for
Bug 287208
mail/roundcube: upgrade to 1.6.11
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to update vuxml as well
roundcube1611_vuxml.patch (text/plain), 1.16 KB, created by
FiLiS
on 2025-06-02 07:28:08 UTC
(
hide
)
Description:
patch to update vuxml as well
Filename:
MIME Type:
Creator:
FiLiS
Created:
2025-06-02 07:28:08 UTC
Size:
1.16 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml >index 62063d41b6..bd79ef1c71 100644 >--- a/security/vuxml/vuln/2025.xml >+++ b/security/vuxml/vuln/2025.xml >@@ -1,3 +1,29 @@ >+ <vuln vid="d7579d3f-3f81-11f0-830d-e0d55ec6feae"> >+ <topic>Post-Auth Remote Code Execution found in Roundcube Webmail</topic> >+ <affects> >+ <package> >+ <name>roundcube</name> >+ <range><lt>1.6.11</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Roundcube Webmail reports:</p> >+ <blockquote cite="https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"> >+ <p>Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2025-49113</cvename> >+ <url>https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10</url> >+ </references> >+ <dates> >+ <discovery>2025-06-01</discovery> >+ <entry>2025-06-02</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="2926c487-3e53-11f0-95d4-00a098b42aeb"> > <topic>libxml2 -- Out-of-bounds memory access</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=260885">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 287208
:
260857
| 260885