[Pkg-roundcube-maintainers] roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 28 13:55:38 GMT 2020
Hi Guilhem,
On Mon, Dec 28, 2020 at 12:13:41PM +0100, Guilhem Moulin wrote:
> On Mon, 28 Dec 2020 at 07:24:24 +0100, Salvatore Bonaccorso wrote:
> > On Mon, Dec 28, 2020 at 03:16:51AM +0100, Guilhem Moulin wrote:
> >> The package in buster is currently following the 1.3 branch and I
> >> propose to keep that trend; upstream changes are minimal but also
> >> contain two irrelevant changes, one of which (the jstz version bump) I
> >> reverted in debian/patches. Debdiff enclosed, as well as the diff in
> >> patch-applied trees. I tested this but would appreciate if you could
> >> take care of the DSA :-)
> >
> > Looks good to me, please upload to security-master for
> > buster-security, we will take it from there for DSA.
>
> Thanks Savatore, uploaded!
Thanks, and released just some minutes ago as DSA 4821-1.
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list