Launchpad CVE tracker

CVE 2008-5620

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

Related bugs and status

CVE-2008-5620 (Candidate) is related to these bugs:

Bug #315193: new roundcube stable release (0.2)

Summary				In	Importance	Status
	315193	new roundcube stable release (0.2)		roundcube (Ubuntu)	Undecided	Fix Released
	315193	new roundcube stable release (0.2)		roundcube (Debian)	Unknown	Fix Released

Bug #316550: [CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited

		In	Importance	Status
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Ubuntu)	High	Fix Released
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Debian)	Unknown	Fix Released
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Ubuntu Hardy)	High	Fix Released
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Ubuntu Intrepid)	High	Fix Released

Bug #345263: Sync php-mdb2 2.4.1-1 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	345263	Sync php-mdb2 2.4.1-1 (universe) from Debian unstable (main).		Ubuntu	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-5620

References