Ubuntu
roundcube package

CVE-2011-1491

Bug #757730 reported by Mark Foster on 2011-04-11

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	roundcube (Ubuntu)	Confirmed	Medium	Unassigned

Bug Description

Binary package hint: roundcube

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1491
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.

CVE References

2011-1491

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2011-04-19:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

visibility:	private → public
Changed in roundcube (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium

Revision history for this message

quazgar (quazgar) wrote on 2020-05-04:

All Roundcube versions in Ubuntu are far more recent that 0.5.1, so this probably can be closed.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubunturoundcube package