DebianDEBIAN:2FC03B5254B9DCC19C83415137B937FF:A19CF[Backports-security-announce] Security Update for roundcube
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Holger Levsen uploaded a new package for roundcube which fixed the
following security problems:
CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid
DNS prefetching of domain names contained in e-mail messages, which makes
it easier for remote attackers to determine the network location of the
webmail user by logging DNS requests.
For the lenny-backports distribution (lenny), these problems have been fixed
in version 0.3.1-3~bpo50+1.
Upgrade instructions
If you don't use pinning (see [1]) you have to update roundcube
manually via "apt-get -t lenny-backports install roundcube".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: This is a digitally signed message part.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 5 | all | roundcube-core | < 0.3.1-3~bpo50+1 | roundcube-core_0.3.1-3~bpo50+1_all.deb |
| Debian | 5 | all | roundcube-mysql | < 0.3.1-3~bpo50+1 | roundcube-mysql_0.3.1-3~bpo50+1_all.deb |
| Debian | 5 | all | roundcube-sqlite | < 0.3.1-3~bpo50+1 | roundcube-sqlite_0.3.1-3~bpo50+1_all.deb |
| Debian | 5 | all | roundcube-pgsql | < 0.3.1-3~bpo50+1 | roundcube-pgsql_0.3.1-3~bpo50+1_all.deb |
| Debian | 5 | all | roundcube | < 0.3.1-3~bpo50+1 | roundcube_0.3.1-3~bpo50+1_all.deb |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N