[Bug 223557] security/vuxml: Document vulnerability in roundcube (CVE-2017-16651)

Thu Nov 9 11:16:05 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223557

            Bug ID: 223557
           Summary: security/vuxml: Document vulnerability in roundcube
                    (CVE-2017-16651)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/roundcube/roundcubemail/releases/ta
                    g/1.3.3
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
                CC: ale at FreeBSD.org
          Assignee: ports-secteam at FreeBSD.org
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)

Created attachment 187878
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187878&action=edit
Document CVE-2017-16651

Roundcube before 1.3.3 contains a file disclosure vulnerability caused by
insufficient input validation in conjunction with file-based attachment
plugins, which are used by default. More details will be published under
CVE-2017-16651.

Attached is a patch that documents this.

The port has been updated (See bug #223547).

-- 
You are receiving this mail because:
You are the assignee for the bug.