Gentoo alert 202507-10 (Roundcube)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202507-10 ] Roundcube: Multiple Vulnerabilities | |
| Date: | Tue, 22 Jul 2025 09:00:22 -0000 | |
| Message-ID: | <175317482262.7.5359235738107219608@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202507-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Roundcube: Multiple Vulnerabilities Date: July 22, 2025 Bugs: #711270, #824918, #937890, #957155 ID: 202507-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code. Background ========== Free and open source webmail software for the masses, written in PHP. Affected packages ================= Package Vulnerable Unaffected --------------------- ------------ ------------ mail-client/roundcube < 1.6.11 >= 1.6.11 Description =========== Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Roundcube users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.6.11" References ========== [ 1 ] CVE-2019-15237 https://nvd.nist.gov/vuln/detail/CVE-2019-15237 [ 2 ] CVE-2021-44025 https://nvd.nist.gov/vuln/detail/CVE-2021-44025 [ 3 ] CVE-2021-44026 https://nvd.nist.gov/vuln/detail/CVE-2021-44026 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202507-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmh/UyYACgkQFMQkOaVy +9ng0hAAnKbTO9LvZP89LNn/EBcTaP/tC1vaVFH6Xn5N6/l/lS28k96RN6b9zVXR q13RYyPGorvZ0EjVeZ7muZEFIyPCnkMcEUtTG5PTtalsvGLWABEDJjsS3wsdaiSs gyKW1nMLfXNLYhtZbe1038Iso2zz4pFf9xWt6VTKACVYGYtNgGbFYDn34FfleXFZ 5h98TnSYqc1zCimVjDlFSDZ6dKmqpthqIleP+XTYxYcMFD50ooSfSIc7U5YulYVt qX6XSx8SsA3492n/pC/YIG2+8TtacluPTp1BURJkQstVdwwOv0MPSPhY76e8C0WO qkg3EwHN+iQrXa2QljHt7Oouc50NoIu+GbUQAchTLvV2HOdJAIP5gjgN0+QDoyTY gN6ARFUq+HVAPm80JCVwm358kpraxmxgOwnQQSgzsY8zspV8f49miAY+L0hGMRI9 tV4lGMqr3P0GAq9DKJHskPK11rKssPcRezM8aPJhlevg745euKpF7tbr1mW6c8L2 x92EMhr72BIwy17t5Ljg70+XKpQJhm7F9PuVqB1+so3gf76memNpdFkL7YJzuzOg ayIVhZI9UdEBWbWhgxWRJOAsNwfHcuh6tlP5byH6G3LJJOjLE6Vfz5ldHiWaFCa5 ISH51YxKlpl/cAVtXeYcNykKjBGQSAdvkZ0WykPmRJVdc7wEUN0= =v2vF -----END PGP SIGNATURE-----