Created attachment 192464 [details]
Roundcube had an important update in upstream.
including fixes for a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin (CVE-2018-9846)
Also back-porting some minor fixes from the master branch which improve PHP 7.2 compatibility as well as PGP signing and key handling for enigma-plugin.
The attached patch updates the port and also the other patch updates the vuxml entry.
Created attachment 192465 [details]
A commit references this bug:
Date: Fri Apr 13 07:19:32 UTC 2018
New revision: 467213
Update to 1.3.6 release.
Submitted by: mmokhi
Comment on attachment 192465 [details]
This patch has already been committed.
@mmokhi you don't need explicit approval for vuxml updates. Please feel free to commit on your own to after making sure vuln.xml passes the validation checks.
(In reply to Thomas Zander from comment #3)
riggs@ Thanks for the point :) I now learned new things as well.