Information on source package roundcube

Available versions

ReleaseVersion
wheezy0.7.2-9+deb7u2
wheezy (security)0.7.2-9+deb7u7
stretch1.2.3+dfsg.1-4
buster1.2.3+dfsg.1-4
sid1.2.3+dfsg.1-4

Open issues

BugwheezystretchbustersidDescription
CVE-2013-5645vulnerable (no DSA)fixedfixedfixedMultiple cross-site scripting (XSS) vulnerabilities in Roundcube ...

Resolved issues

BugDescription
CVE-2017-8114Roundcube Webmail allows arbitrary password resets by authenticated ...
CVE-2017-6820rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...
CVE-2016-9920steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before ...
CVE-2016-4552Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...
CVE-2016-4069Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...
CVE-2016-4068Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...
CVE-2015-8864Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...
CVE-2015-8794Absolute path traversal vulnerability in ...
CVE-2015-8793Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...
CVE-2015-8770Directory traversal vulnerability in the set_skin function in ...
CVE-2015-8105Cross-site scripting (XSS) vulnerability in program/js/app.js in ...
CVE-2015-5383Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...
CVE-2015-5382program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...
CVE-2015-5381Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...
CVE-2015-2181Multiple buffer overflows in the DBMail driver in the Password plugin ...
CVE-2015-2180The DBMail driver in the Password plugin in Roundcube before 1.1.0 ...
CVE-2015-1433program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...
CVE-2014-9587Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2013-6172steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...
CVE-2013-5646Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...
CVE-2013-1904Absolute path traversal vulnerability in steps/mail/sendmail.inc in ...
CVE-2012-6121Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...
CVE-2012-4668Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...
CVE-2012-3508Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...
CVE-2012-3507Cross-site scripting (XSS) vulnerability in ...
CVE-2012-1253Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...
CVE-2011-4078include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP ...
CVE-2011-2937Cross-site scripting (XSS) vulnerability in the UI messages ...
CVE-2011-1492steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...
CVE-2011-1491The login form in Roundcube Webmail before 0.5.1 does not properly ...
CVE-2010-0464Roundcube 0.3.1 and earlier does not request that the web browser ...
CVE-2009-4077Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...
CVE-2009-4076Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...
CVE-2009-0413Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...
CVE-2008-5620RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...
CVE-2008-5619html2text.php in Chuggnutt HTML to Text Converter, as used in ...
CVE-2007-6321Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...
CVE-2005-4368roundcube webmail Alpha, with a default high verbose level ...

Security announcements

DSA / DLADescription
DLA-933-1roundcube - security update
DLA-855-1roundcube - security update
DLA-737-1roundcube - security update
DLA-613-1roundcube - security update
DLA-537-1roundcube - security update
DSA-3541-1roundcube - security update
DLA-392-1roundcube - security update
DSA-2787-1roundcube - design error

Search for package or bug name: Reporting problems