It was discovered that Roundcube Webmail incorrectly handled sanitization in the message_body function. A remote attacker could possibly use this issue to send and receive emails as another user.
{ "binaries": [ { "binary_version": "1.6.6+dfsg-2ubuntu0.1+esm1", "binary_name": "roundcube" }, { "binary_version": "1.6.6+dfsg-2ubuntu0.1+esm1", "binary_name": "roundcube-core" }, { "binary_version": "1.6.6+dfsg-2ubuntu0.1+esm1", "binary_name": "roundcube-mysql" }, { "binary_version": "1.6.6+dfsg-2ubuntu0.1+esm1", "binary_name": "roundcube-pgsql" }, { "binary_version": "1.6.6+dfsg-2ubuntu0.1+esm1", "binary_name": "roundcube-plugins" }, { "binary_version": "1.6.6+dfsg-2ubuntu0.1+esm1", "binary_name": "roundcube-sqlite3" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }