Package: roundcube / 0.7.2-9+deb7u2

Metadata

Package Version Patches format
roundcube 0.7.2-9+deb7u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
dbconfig common_support.patch | (download)

config/db.inc.php.dist | 21 13 + 8 - 0 !
1 file changed, 13 insertions(+), 8 deletions(-)

---
correct_install_path.patch | (download)

program/include/iniset.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
use_packaged_tinymce.patch | (download)

program/steps/mail/sendmail.inc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
use_pspell.patch | (download)

config/main.inc.php.dist | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
loginbox size.patch | (download)

skins/default/common.css | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
default charset utf8.patch | (download)

config/main.inc.php.dist | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
debianize_password_plugin.patch | (download)

plugins/password/README | 11 7 + 4 - 0 !
plugins/password/drivers/chgsaslpasswd.c | 2 1 + 1 - 0 !
plugins/password/drivers/chgvirtualminpasswd.c | 2 1 + 1 - 0 !
3 files changed, 9 insertions(+), 6 deletions(-)

 specify debian path and group names in password plugin
use debian jquery ui.patch | (download)

plugins/jqueryui/jqueryui.php | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

---
cve 2012 3508.patch | (download)

program/js/app.js.src | 31 5 + 26 - 0 !
program/steps/mail/compose.inc | 30 23 + 7 - 0 !
2 files changed, 28 insertions(+), 33 deletions(-)

---
uuencoded attachments.patch | (download)

program/include/rcube_message.php | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

---
fix save pref vulnerability.patch | (download)

program/include/rcube_plugin.php | 8 8 + 0 - 0 !
program/include/rcube_plugin_api.php | 6 6 + 0 - 0 !
program/steps/utils/save_pref.inc | 16 16 + 0 - 0 !
3 files changed, 30 insertions(+)

---
CVE 2013 6172.patch | (download)

program/include/rcube_plugin_api.php | 4 3 + 1 - 0 !
program/steps/utils/save_pref.inc | 18 14 + 4 - 0 !
2 files changed, 17 insertions(+), 5 deletions(-)

 fix vulnerability in handling _session argument of utils/save-prefs
 CVE-2013-6172: An attacker can overwrite configuration settings using
 user preferences. This can result in random file access, manipulated
 SQL queries and even code execution.
CVE 2015 8770.patch | (download)

program/include/rcube_template.php | 23 18 + 5 - 0 !
1 file changed, 18 insertions(+), 5 deletions(-)

 cve-2015-8770

Fix directory traversal vulnerability in the set_skin function in
program/include/rcube_template.php that allowed remote authenticated users
with certain permissions to read arbitrary files or possibly execute
arbitrary code.