FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- IMAP command injection vulnerability

Affected packages
roundcube <= 1.3.5,1

Details

VuXML ID 48894ca9-3e6f-11e8-92f0-f0def167eeea
Discovery 2018-04-11
Entry 2018-04-13

Upstream reports:

This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846.

References

CVE Name CVE-2018-9846
URL https://roundcube.net/news/2018/04/11/security-update-1.3.6