Advisories ยป MGASA-2019-0420

Updated roundcubemail packages fix security vulnerability

Publication date: 31 Dec 2019
Modification date: 31 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15237

Description

The updated package fixes a security vulnerability:

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names,
leading to homograph attacks. (CVE-2019-15237)
                

References

SRPMS

7/core