Bug 223557

Summary: security/vuxml: Document vulnerability in roundcube (CVE-2017-16651)
Product: Ports & Packages
Reporter: VK <vlad-fbsd>
Component: Individual Port(s)
Assignee: Danilo G. Baio <dbaio>
Status: Closed FIXED
Severity: Affects Some People
CC: ale, dbaio
Priority: ---
Keywords: patch, security
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223547
Bug Depends on:    
Bug Blocks: 223547    
Attachments:
  Description: Document CVE-2017-16651
  Flags: none

Description VK 2017-11-09 11:16:04 UTC
Created attachment 187878
Document CVE-2017-16651

Roundcube before 1.3.3 contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. More details will be published under CVE-2017-16651.

Attached is a patch that documents this.

The port has been updated (See bug #223547).
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-11-11 17:30:05 UTC
A commit references this bug:

Author: dbaio
Date: Sat Nov 11 17:29:26 UTC 2017
New revision: 453982
URL: https://svnweb.freebsd.org/changeset/ports/453982

Log:
  security/vuxml: Document vulnerability in mail/roundcube

  PR:		223557
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:	CVE-2017-16651

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Danilo G. Baio freebsd_committer freebsd_triage 2017-11-11 17:30:59 UTC
Committed with slight changes, thanks!