[Git][security-tracker-team/security-tracker][master] Update information on CVE-2018-19206/roundcube

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb9b1c19 by Salvatore Bonaccorso at 2018-11-12T19:39:30Z
Update information on CVE-2018-19206/roundcube

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,11 @@
 CVE-2018-19207
 	NOT-FOR-US: WordPress plugin wp-gdpr-compliance
-CVE-2018-19206
-	- roundcube <unfixed>
-	TODO: check
+CVE-2018-19206 [XSS via crafted use of <svg><style>]
+	- roundcube 1.3.8+dfsg.1-1
 	NOTE: https://roundcube.net/news/2018/10/26/update-1.3.8-released
+	NOTE: https://github.com/roundcube/roundcubemail/issues/6410
+	NOTE: https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059 (released-1.3)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master)
 CVE-2018-19205 [mishandles GnuPG MDC integrity-protection warnings]
 	- roundcube 1.3.8+dfsg.1-1
 	NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb9b1c198f58d0a78568a0afea24d1f7f807451e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eb9b1c198f58d0a78568a0afea24d1f7f807451e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181112/7b30423f/attachment.html>