AVG-506 log

Package	roundcubemail
Status	Fixed
Severity	High
Type	arbitrary filesystem access
Affected	1.3.2-1
Fixed	1.3.3-1
Current	1.6.6-1 [extra]
Ticket	None
Created	Sun Nov 19 15:02:53 2017

Issue	Severity	Remote	Type	Description
CVE-2017-16651	High	Yes	Arbitrary filesystem access	Roundcube Webmail 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in...

Date	Advisory	Package	Type
21 Nov 2017	ASA-201711-27	roundcubemail	arbitrary filesystem access

References
https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806 https://github.com/roundcube/roundcubemail/issues/6026 https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10

References

https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
https://github.com/roundcube/roundcubemail/issues/6026
https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10