CVE-2008-5620

Publication date 17 December 2008

Last updated 24 July 2024

Ubuntu priority

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
roundcube	8.10 intrepid	Fixed 0.1.1-7ubuntu0.1
	8.04 LTS hardy	Fixed 0.1~rc2-6ubuntu0.1
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
roundcube	Debdiff: https://bugs.launchpad.net/ubuntu/+source/roundcube/+bug/316550

References

MITRE
NVD
Launchpad
Debian

Other references

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509596
https://www.cve.org/CVERecord?id=CVE-2008-5620