Bug 34334 - roundcube new security issue CVE-2025-49113
Summary: roundcube new security issue CVE-2025-49113
Status: RESOLVED DUPLICATE of bug 34341
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-06-02 10:32 CEST by Nicolas Salguero
Modified: 2025-06-03 14:57 CEST (History)
0 users

See Also:
Source RPM: roundcubemail-1.6.8-1.mga9.src.rpm
CVE: CVE-2025-49113
Status comment: Fixed upstream in 1.6.11

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-06-02 10:32:12 CEST 
The issue was announced here:
https://www.openwall.com/lists/oss-security/2025/06/02/1
Nicolas Salguero 2025-06-02 10:32:43 CEST

Status comment: (none) => Fixed upstream in 1.6.11
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => roundcubemail-1.6.10-1.mga10.src.rpm, roundcubemail-1.6.8-1.mga9.src.rpm

Comment 1 Nicolas Salguero 2025-06-03 14:32:50 CEST 
Follow-up: https://www.openwall.com/lists/oss-security/2025/06/02/3

For Cauldron, roundcubemail-1.6.11-1.mga10 solves the issue.

CVE: (none) => CVE-2025-49113
Whiteboard: MGA9TOO => (none)
Source RPM: roundcubemail-1.6.10-1.mga10.src.rpm, roundcubemail-1.6.8-1.mga9.src.rpm => roundcubemail-1.6.8-1.mga9.src.rpm
Summary: roundcube new security issue => roundcube new security issue CVE-2025-49113
Version: Cauldron => 9

Comment 2 Nicolas Salguero 2025-06-03 14:57:31 CEST 
Duplicate of bug 34341.

*** This bug has been marked as a duplicate of bug 34341 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
Note You need to log in before you can comment on or make changes to this bug.