[Pkg-roundcube-maintainers] Bug#646675: "out of nowhere"?
Vincent Bernat
bernat at debian.org
Wed Oct 26 18:48:08 BST 2011
tags 646675 + patch
thanks
OoO Shortly before the start of the afternoon on Wednesday, 26 October 2011, around
13:07, Philipp Kern <pkern at debian.org> said:
>> severity 646675 important
>> thanks
> am I the only one who has insanely loud alarm bells when reading his report,
> the ticket and everything?
> It includes a foreign site and we can be happy that suhosin blocks it. (I'm
> working from the information in the roundcube ticket[0]. I didn't investigate
> it myself.) But suhosin is not the default?
Yes, the problem seems pretty severe. I am unable to reproduce it, even
with the conditions listed in the ticket [0]. The ticket is not marked
as fixed but the patch has been applied [1]. 0.6 does not seem
vulnerable, only 0.5.4 and older.
Ingo, you reported the bug against 0.6. Is it really the version that is
affected by the problem? It seems already patched.
[0]: http://trac.roundcube.net/ticket/1488086
[1]: http://trac.roundcube.net/changeset/5222
--
Vincent Bernat ☯ http://vincent.bernat.im
die_if_kernel("Penguin instruction from Penguin mode??!?!", regs);
2.2.16 /usr/src/linux/arch/sparc/kernel/traps.c