749201 – CVE-2011-4078 php-pear-MDB2, roundcubemail: DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject [fedora-15]

Bug 749201 - CVE-2011-4078 php-pear-MDB2, roundcubemail: DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject [fedora-15]

Summary: CVE-2011-4078 php-pear-MDB2, roundcubemail: DoS (unavailability to access use...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	roundcubemail
Sub Component:
Version:	15
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Gwyn Ciesla
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	CVE-2011-4078
TreeView+	depends on / blocked

Reported:	2011-10-26 13:20 UTC by Jan Lieskovsky
Modified:	2011-10-27 10:51 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Release Note
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-27 10:51:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jan Lieskovsky 2011-10-26 13:20:35 UTC

fedora-15 tracking bug for roundcubemail: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]

Comment 1 Jan Lieskovsky 2011-10-27 10:51:40 UTC

The behaviour of is_a() PHP routine has been restored back to that one <= php-v5.3.6:
See

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3379

for further information.

This means roundcubemail package, as shipped with Fedora release of 15 would NOT be affected by the CVE-2011-4078 issue. Closing this bug.

Note You need to log in before you can comment on or make changes to this bug.