[RCD] Security updates 0.8.6 and 0.7.3 for save-pref vulnerability

A.L.E.C alec at alec.pl
Fri Mar 29 07:59:40 CET 2013


On 03/29/2013 07:48 AM, Vladislav Bogdanov wrote:
>> 0.4 is vulnerable too, you're looking in the wrong place. The issue is in
>> steps/utils/save_pref.inc.
> 
> program/steps/settings/save_prefs.inc in my tree.
> 
> This one -
> https://github.com/roundcube/roundcubemail/blob/bdb13a51f735623146f1ac81d9323e5182f99511/program/steps/settings/save_prefs.inc

Ok, your version doesn't have utils/save_pref.inc and is not vulnerable,
but 0.4.1 (I've checked for example) is.

-- 
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl

