Information on source package roundcube

Available versions

ReleaseVersion
stretch (security)1.2.3+dfsg.1-4+deb9u3
buster1.3.8+dfsg.1-2
bullseye1.3.8+dfsg.1-2
sid1.3.8+dfsg.1-2

Open issues

BugstretchbusterbullseyesidDescription
CVE-2019-15237vulnerablevulnerablevulnerablevulnerableRoundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...
CVE-2019-10740vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableIn Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP ...
CVE-2018-19205vulnerable (no DSA, ignored)fixedfixedfixedRoundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warni ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2018-1000071fixedvulnerablevulnerablevulnerableroundcube version 1.3.4 and earlier contains an Insecure Permissions v ...

Resolved issues

BugDescription
CVE-2018-9846In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ena ...
CVE-2018-19206steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ...
CVE-2017-8114Roundcube Webmail allows arbitrary password resets by authenticated us ...
CVE-2017-6820rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is su ...
CVE-2017-16651Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...
CVE-2016-9920steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...
CVE-2016-4552Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...
CVE-2016-4069Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ...
CVE-2016-4068Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...
CVE-2015-8864Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...
CVE-2015-8794Absolute path traversal vulnerability in program/steps/addressbook/pho ...
CVE-2015-8793Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...
CVE-2015-8770Directory traversal vulnerability in the set_skin function in program/ ...
CVE-2015-8105Cross-site scripting (XSS) vulnerability in program/js/app.js in Round ...
CVE-2015-5383Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...
CVE-2015-5382program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...
CVE-2015-5381Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...
CVE-2015-2181Multiple buffer overflows in the DBMail driver in the Password plugin ...
CVE-2015-2180The DBMail driver in the Password plugin in Roundcube before 1.1.0 all ...
CVE-2015-1433program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...
CVE-2014-9587Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcub ...
CVE-2013-6172steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...
CVE-2013-5646Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...
CVE-2013-5645Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webma ...
CVE-2013-1904Absolute path traversal vulnerability in steps/mail/sendmail.inc in Ro ...
CVE-2012-6121Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...
CVE-2012-4668Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 an ...
CVE-2012-3508Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...
CVE-2012-3507Cross-site scripting (XSS) vulnerability in program/steps/mail/func.in ...
CVE-2012-1253Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...
CVE-2011-4078include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...
CVE-2011-2937Cross-site scripting (XSS) vulnerability in the UI messages functional ...
CVE-2011-1492steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not prop ...
CVE-2011-1491The login form in Roundcube Webmail before 0.5.1 does not properly han ...
CVE-2010-0464Roundcube 0.3.1 and earlier does not request that the web browser avoi ...
CVE-2009-4077Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...
CVE-2009-4076Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...
CVE-2009-0413Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcu ...
CVE-2008-5620RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attack ...
CVE-2008-5619html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMaile ...
CVE-2007-6321Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...
CVE-2005-4368roundcube webmail Alpha, with a default high verbose level ($rcmail_co ...

Security announcements

DSA / DLADescription
DSA-4344-1roundcube - security update
DSA-4181-1roundcube - security update
DLA-1193-1roundcube - security update
DSA-4030-1roundcube - security update
DLA-613-2roundcube - regression update
DLA-933-1roundcube - security update
DLA-855-1roundcube - security update
DLA-737-1roundcube - security update
DLA-613-1roundcube - security update
DLA-537-1roundcube - security update
DSA-3541-1roundcube - security update
DLA-392-1roundcube - security update
DSA-2787-1roundcube - design error

Search for package or bug name: Reporting problems