[Git][security-tracker-team/security-tracker][master] extend explanation for one roundcube issue
Moritz Muehlenhoff
jmm at debian.org
Sat Nov 24 11:25:42 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
329036ef by Moritz Muehlenhoff at 2018-11-24T11:25:00Z
extend explanation for one roundcube issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1082,7 +1082,7 @@ CVE-2018-19206 (steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafte
NOTE: https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master)
CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection ...)
- roundcube 1.3.8+dfsg.1-1
- [stretch] - roundcube <ignored> (Relies on properly working php-crypt-gpg)
+ [stretch] - roundcube <ignored> (Relies on php-crypt-gpg, not in stretch. Old version in 1.3 doesn't verify signature anyway)
NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released
NOTE: https://github.com/roundcube/roundcubemail/issues/6289
NOTE: https://github.com/roundcube/roundcubemail/commit/94da947855329c5062ec2a7098eb86fb675aac37 (release-1.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/329036ef7d188561f2cb27648a1b379a9056c62a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/329036ef7d188561f2cb27648a1b379a9056c62a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181124/385700b4/attachment.html>
More information about the debian-security-tracker-commits
mailing list