Forum: >>> Magnum BBS <<<

Bug#1107073: roundcube: Post-Auth RCE via PHP Object Deserialization

From Guilhem Moulin@21:1/5 to Guilhem Moulin on Sun Jun 1 12:00:01 2025

On Sun, 01 Jun 2025 at 11:10:05 +0200, Guilhem Moulin wrote:

Roundcube webmail upstream has recently released 1.6.10 [0]

Meant 1.6.11 (and 1.5.10).

--
Guilhem.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmg8IsYACgkQ05pJnDwh pVKr+BAAhuIvI/C1+5VaU4VtLDGXvxSL9LxCaKYZmfcxYtVPZEj/JYTr/Cii7uS/ /jPry2ZMfj92rRz22iShv3EDxtnE5LA/r1qz6P/eZqSmNSLbgU+87nE7pmIadKdx RDXA8qZna2zFr39rUCJlPuX4UbBRaGO64OBpxKfdIqfmNQX8S03r/Q4LrP/TIv13 y+0PvzS5mSBeKM5rDxu2R1FZA21Yc5QFoWsIYyFndkUB5x/i1L8eaEfguZ6wT0Kt UEFlltVhXT1oCuuKIjPbQYVkl1cGDkTBFPYyGpSG3J7H4W4xbTW+QUxARPXMN5io ZyLwfi1KGG5wQiHVXWabzpmmROko9cM/BoakPQ5UA9wovl1DvyEKSVotFydzn8+6 sheZrtZPcGC4Ui5WCwJGTgAtwiECaO8KIj60qjORG/3A7CDbTg2dJipV8XXXgBjL VeWKtS0D096pLBetGtC+9b+JSsAG3QQQ0TF1qOz5g6X952zDmykZdUwUnHaAGTdj gNIEpZIfixGJkIgyHDYtEf0vdjyAf6YwB7tZ90fSooboaBEaa2yI757M1oLKsdzF g2fQqi4xvREMcMBnENHdqB3pbLjcRJlhf/fukI88LKPWJM++YwhGjzZ01qRNFLOF BkucDe0NopYUXCKEQ5wDZF5pZyO9IlbKEZbRy1YSjQO6uQYj1U0=
=ugs9
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	158:02:30
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,755