Description of problem: A vulnerability in roundcubemail 0.1.1 may allow attackers to execute commands as the "httpd" user. This bug is fixed in 0.2: http://sourceforge.net/forum/forum.php?forum_id=898542

Version-Release number of selected component (if applicable): roundcubemail-0.1.1-4.el5
0.2 will not work in RHEL5 or earlier due to the PHP version. I'll see if I can fix or craft a patch.
To be clear, are you referring to the html2text and quota vulnerabilities?
Yes, I am.
I can build but not effectively test for EL-5. Would you be willing to test an uploaded rpm, or would you prefer a srpm?
Ping?
I can test either. I'd be curious enough to review the patch, as well, so a src.rpm would be welcome.
I've successfully tested the attached patch. It merely replaces html2text.inc with the version of html2text.php released to fix the bug in 0.2. Please publish an updated package ASAP. This is actively being exploited in the wild.
Created attachment 335298: Patch to fix CVE-2008-5619
Built for EL-5 and EL-4, sent request for push to epel-signers. Thanks very much for the patch and testing. Sorry for the delay, I've been extraordinarily busy of late.
This still hasn't been pushed. I'm going to try to ping the epel-signers. Just got hit by this yesterday.