Information on source package roundcube

Available versions

ReleaseVersion
stretch1.2.3+dfsg.1-4+deb9u10
buster1.3.17+dfsg.1-1~deb10u7
buster (security)1.3.17+dfsg.1-1~deb10u6
bullseye1.4.15+dfsg.1-1+deb11u4
bookworm1.6.5+dfsg-1+deb12u4
trixie1.6.9+dfsg-1
sid1.6.9+dfsg-1

Open issues

BugstretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-42010vulnerablefixedfixedfixedfixedfixedmod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insu ...
CVE-2024-42009vulnerablefixedfixedfixedfixedfixedA Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1. ...
CVE-2024-42008vulnerablefixedfixedfixedfixedfixedA Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() ...
CVE-2024-37384vulnerablefixedfixedfixedfixedfixedRoundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via l ...
CVE-2024-37383vulnerablefixedfixedfixedfixedfixedRoundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via S ...
CVE-2023-47272vulnerablefixedfixedfixedfixedfixedRoundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a C ...
CVE-2023-43770vulnerablefixedfixedfixedfixedfixedRoundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...
CVE-2023-5631vulnerablefixedfixedfixedfixedfixedRoundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...
CVE-2020-18671vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedCross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via ...
CVE-2020-18670vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedCross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via d ...
CVE-2019-15237vulnerable (no DSA)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedRoundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...
CVE-2019-10740vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedIn Roundcube Webmail before 1.3.10, an attacker in possession of S/MIM ...
CVE-2018-19205vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedRoundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warni ...

Open unimportant issues

BugstretchbusterbullseyebookwormtrixiesidDescription
CVE-2020-12641vulnerablefixedfixedfixedfixedfixedrcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...
CVE-2020-12640vulnerablefixedfixedfixedfixedfixedRoundcube Webmail before 1.4.4 allows attackers to include local files ...

Resolved issues

BugDescription
CVE-2024-37385Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allow ...
CVE-2021-46144Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...
CVE-2021-44026Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...
CVE-2021-44025Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...
CVE-2021-26925Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...
CVE-2020-35730An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x ...
CVE-2020-16145Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...
CVE-2020-15562An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...
CVE-2020-13965An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...
CVE-2020-13964An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...
CVE-2020-12626An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...
CVE-2020-12625An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...
CVE-2018-1000071roundcube version 1.3.4 and earlier contains an Insecure Permissions v ...
CVE-2018-19206steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ...
CVE-2018-9846In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ena ...
CVE-2017-16651Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...
CVE-2017-8114Roundcube Webmail allows arbitrary password resets by authenticated us ...
CVE-2017-6820rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is su ...
CVE-2016-9920steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...
CVE-2016-4552Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...
CVE-2016-4069Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ...
CVE-2016-4068Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...
CVE-2015-8864Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...
CVE-2015-8794Absolute path traversal vulnerability in program/steps/addressbook/pho ...
CVE-2015-8793Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...
CVE-2015-8770Directory traversal vulnerability in the set_skin function in program/ ...
CVE-2015-8105Cross-site scripting (XSS) vulnerability in program/js/app.js in Round ...
CVE-2015-5383Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...
CVE-2015-5382program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...
CVE-2015-5381Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...
CVE-2015-2181Multiple buffer overflows in the DBMail driver in the Password plugin ...
CVE-2015-2180The DBMail driver in the Password plugin in Roundcube before 1.1.0 all ...
CVE-2015-1433program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...
CVE-2014-9587Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcub ...
CVE-2013-6172steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...
CVE-2013-5646Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...
CVE-2013-5645Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webma ...
CVE-2013-1904Absolute path traversal vulnerability in steps/mail/sendmail.inc in Ro ...
CVE-2012-6121Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...
CVE-2012-4668Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 an ...
CVE-2012-3508Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...
CVE-2012-3507Cross-site scripting (XSS) vulnerability in program/steps/mail/func.in ...
CVE-2012-1253Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...
CVE-2011-4078include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...
CVE-2011-2937Cross-site scripting (XSS) vulnerability in the UI messages functional ...
CVE-2011-1492steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not prop ...
CVE-2011-1491The login form in Roundcube Webmail before 0.5.1 does not properly han ...
CVE-2010-0464Roundcube 0.3.1 and earlier does not request that the web browser avoi ...
CVE-2009-4077Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...
CVE-2009-4076Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...
CVE-2009-0413Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcu ...
CVE-2008-5620RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attack ...
CVE-2008-5619html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMaile ...
CVE-2007-6321Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...
CVE-2005-4368roundcube webmail Alpha, with a default high verbose level ($rcmail_co ...

Security announcements

DSA / DLADescription
ELA-1170-1roundcube - security update
DSA-5743-2roundcube - security update
DSA-5743-1roundcube - security update
DSA-5714-1roundcube - security update
DLA-3835-1roundcube - security update
DLA-3683-1roundcube - security update
DSA-5572-1roundcube - security update
DLA-3630-1roundcube - security update
DSA-5531-1roundcube - security update
DLA-3577-1roundcube - security update
DLA-2878-1roundcube - security update
DSA-5037-1roundcube - security update
DLA-2840-1roundcube - security update
DSA-5013-1roundcube - security update
DSA-4821-1roundcube - security update
DLA-2508-1roundcube - security update
DSA-4744-1roundcube - security update
DLA-2322-1roundcube - security update
DSA-4720-1roundcube - security update
DSA-4700-1roundcube - security update
DSA-4674-1roundcube - security update
DSA-4344-1roundcube - security update
DSA-4181-1roundcube - security update
DLA-1193-1roundcube - security update
DSA-4030-1roundcube - security update
DLA-613-2roundcube - regression update
DLA-933-1roundcube - security update
DLA-855-1roundcube - security update
DLA-737-1roundcube - security update
DLA-613-1roundcube - security update
DLA-537-1roundcube - security update
DSA-3541-1roundcube - security update
DLA-392-1roundcube - security update
DSA-2787-1roundcube - design error

Search for package or bug name: Reporting problems