[RCD] Security updates 0.8.6 and 0.7.3 for save-pref vulnerability

A.L.E.C alec at alec.pl
Thu Mar 28 10:13:01 CET 2013


On 03/28/2013 09:54 AM, Vladislav Bogdanov wrote:

>> Patch for 0.6: http://ow.ly/jtQNd
> 
> Are previous versions affected?
> 
> Looking at my 0.4 installation, save_prefs is implemented absolutely
> differently, there are lists of prefs for each section, and they are
> cherry-picked from what the client sends.

0.4 is vulnerable too, you're looking in the wrong place. The issue is in
steps/utils/save_pref.inc. We don't support such very old releases.

-- 
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

