FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- IMAP command injection vulnerability

Affected packages
		roundcube	<=	1.3.5,1

Details

VuXML ID	48894ca9-3e6f-11e8-92f0-f0def167eeea
Discovery	2018-04-11
Entry	2018-04-13

Upstream reports:

This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846.

[source]

References

CVE Name	CVE-2018-9846
URL	https://roundcube.net/news/2018/04/11/security-update-1.3.6