Format: 1.7 Date: Thu, 19 Feb 2009 13:06:58 -0500 Source: roundcube Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite Architecture: all i386_translations Version: 0.1~rc2-6ubuntu0.1 Distribution: hardy Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Andrew Starr-Bochicchio Description: roundcube - skinnable AJAX based webmail solution for IMAP servers roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - virtual package providing MySQL dependencies for RoundCube roundcube-pgsql - virtual package providing PostgreSQL dependencies for RoundCube roundcube-sqlite - virtual package providing sqlite dependencies for RoundCube Launchpad-Bugs-Fixed: 316550 316550 Changes: roundcube (0.1~rc2-6ubuntu0.1) hardy-security; urgency=low . * SECURITY UPDATE: denial of service (memory consumption) via crafted size parameters that are used to create a large quota image - CVE-2008-5620 (LP: #316550) - debian/patches/cve-2008-5620.patch + Backported from Debian * SECURITY UPDATE: allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. - CVE-2008-56-19 (LP: #316550) - debian/patches/cve-2008-5619.patch + Backport from Debian. Files: c6c0b5d3942e8e0c8380655d7b994d13 485854 web extra roundcube-core_0.1~rc2-6ubuntu0.1_all.deb 5098e08a209d00d6544afc152d7eb7d9 10197 raw-translations - roundcube_0.1~rc2-6ubuntu0.1_i386_translations.tar.gz b551c983aeffafce71bad910291af549 2290 web extra roundcube_0.1~rc2-6ubuntu0.1_all.deb cde6c1b337e7c213804d56ab134e18d0 5532 web extra roundcube-mysql_0.1~rc2-6ubuntu0.1_all.deb 079c7712635be05f97da4d1a18ee6322 5544 web extra roundcube-pgsql_0.1~rc2-6ubuntu0.1_all.deb da5461fafde69306bf1bc6c539c64510 5514 web extra roundcube-sqlite_0.1~rc2-6ubuntu0.1_all.deb Original-Maintainer: Debian Roundcube Maintainers