[RCD] zero day vulnerability (tested on v8.0 to 9.0)

Sergey Sidlyarenko roundcube at lefoyer.ru
Wed Mar 27 17:47:51 CET 2013


This patch 
https://github.com/roundcube/roundcubemail/commit/0fcb2b139bf0c50dec3b82898434f203c21d847f 
is not secure because it only limits reading files by extension (php, ini, 
conf) and by the folder /etc. Reading /usr/local/etc, logs and other files is 
still allowed (if the hosting does not limit open_basedir).

A.L.E.C wrote on 2013-03-27 20:11:
> We already fixed the issue in git branches: master, release-0.9,
> release-0.8, release-0.7. We'll release updated packages soon.

-- 
Sidlyarenko Sergey
https://github.com/lefoyer
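
The difference between the two approaches discussed in this message, as an added example (not Roundcube code and not taken from the linked commit): a denylist built from the rules the message describes next to an allowlist that confines reads to a single upload directory. The function names, the directory layout and the sample files are assumptions constructed for the illustration.

```php
<?php
// Added illustration, not Roundcube code. Names and paths are hypothetical.

// Denylist modelled on the rules described in the message: refuse
// php/ini/conf extensions and anything under /etc, allow everything else.
function denylist_allows(string $path): bool
{
    $real = realpath($path);
    if ($real === false) {
        return false;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (in_array($ext, ['php', 'ini', 'conf'], true)) {
        return false;
    }
    return strpos($real, '/etc/') !== 0;
}

// Allowlist: after resolving symlinks and "..", the path must sit inside
// the one directory the application itself writes attachments to.
function allowlist_allows(string $path, string $baseDir): bool
{
    $real = realpath($path);
    $base = realpath($baseDir);
    if ($real === false || $base === false) {
        return false;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $base, strlen($base)) === 0;
}

// Constructed sample files under a temporary directory.
$root = sys_get_temp_dir() . '/rc_demo_' . getmypid();
$uploads = "$root/uploads";
$logs = "$root/logs";
mkdir($uploads, 0700, true);
mkdir($logs, 0700, true);
file_put_contents("$uploads/att1.bin", 'attachment');
file_put_contents("$logs/mail.log", 'log line');

foreach (["$uploads/att1.bin", "$logs/mail.log", "$uploads/../logs/mail.log"] as $p) {
    printf("%-28s denylist=%-5s allowlist=%s\n", str_replace($root, '', $p),
        var_export(denylist_allows($p), true),
        var_export(allowlist_allows($p, $uploads), true));
}
```

The denylist accepts all three paths, including the log file reached through `..`, while the allowlist accepts only the file inside the upload directory.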