MGASA-2013-0325

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0325.html

Import Source

https://advisories.mageia.org/MGASA-2013-0325.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0325

Related

CVE-2013-6172

Published

2013-11-18T14:35:57Z

Modified

2013-11-18T14:35:53Z

Summary

Updated roundcubemail package fixes security vulnerability

Details

It was discovered that roundcube does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution (CVE-2013-6172).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / roundcubemail

Package

Name: roundcubemail
Purl: pkg:rpm/mageia/roundcubemail?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.4-1.3.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / roundcubemail

Package

Name: roundcubemail
Purl: pkg:rpm/mageia/roundcubemail?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.5-1.mga3

Ecosystem specific

{
    "section": "core"
}