Skip to main content

Roundcube CVE-2023-43770 actively exploited

Answered

Comments

6 comments

  • sierrablue

    Is that fixed in 116.0.4?

    https://news.cpanel.com/cpanel-tsr-2023-0004-full-disclosure/

    0
  • cPRex Jurassic Moderator

    Hey there!  That's correct - this has been patched since the versions listed in that update, which are:

    11.116.0.4
    11.114.0.12
    11.110.0.15

    1
  • sierrablue

    Awesome, no need to worry then. Wish everybody would use CVE-IDs in changelogs. Would make tracking a lot easier. I mean that's what "Common Vulnerabilities and Exposures" system is for, for easy reference.

    1
  • cPRex Jurassic Moderator

    We do include the data in our changelog in the RPM package itself.  You can see that with this command:

    # rpm -q --changelog cpanel-roundcubemail | grep 2023-43770
    - Add patch for CVE-2023-43770
    1
  • sierrablue

    Thank you, cPRex

     

    0
  • cPRex Jurassic Moderator

    Sure thing!

    0

Please sign in to leave a comment.