[RCD] zero day vulnerability (tested on v8.0 to 9.0)

Sergey Sidlyarenko roundcube at lefoyer.ru
Wed Mar 27 17:47:51 CET 2013

This path 
not secure because only limit read file by extension php,ini,conf and 
folder /etc. Allowed read /usr/local/etc logs and other file (if hosting 
not limit open_basedir).

A.L.E.C писал 2013-03-27 20:11:
> We already fixed the issue in git branches: master, release-0.9,
> release-0.8, release-0.7. We'll release updated packages soon.

Sidlyarenko Sergey

More information about the dev mailing list