Your message dated Sun, 01 Jun 2025 10:04:45 +0000
with message-id <e1ulfyb-003yq8...@fasolo.debian.org>
and subject line Bug#1107073: fixed in roundcube 1.6.11+dfsg-1
has caused the Debian Bug report #1107073,
regarding roundcube: Post-Auth RCE via PHP Object Deserialization
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
1107073: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: roundcube
Version: 1.6.10+dfsg-2
Severity: grave
Control: found -1 1.6.5+dfsg-1+deb12u4
Control: found -1 1.4.15+dfsg.1-1+deb11u4
Tags: security upstream
Justification: user security hole

Roundcube webmail upstream has recently released 1.6.10 [0] which fixes
the following vulnerability:

 * Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v.
   https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d

AFAICT no CVE-ID has been published for this issue. Will request one
tomorrow if no one beats me to it.

-- 
Guilhem.

[0] https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
--- End Message ---
--- Begin Message ---
Source: roundcube
Source-Version: 1.6.11+dfsg-1
Done: Guilhem Moulin <guil...@debian.org>

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guil...@debian.org> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sun, 01 Jun 2025 11:12:44 +0200
Source: roundcube
Architecture: source
Version: 1.6.11+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintain...@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guil...@debian.org>
Closes: 1107073
Changes:
 roundcube (1.6.11+dfsg-1) unstable; urgency=high
 .
   * New upstream security and bugfix release.
     + Fix Post-Auth RCE via PHP Object Deserialization (closes: #1107073).
   * Refresh d/patches.
--- End Message ---