[Git][security-tracker-team/security-tracker][master] Track two new rouncube issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d5e7cf8 by Salvatore Bonaccorso at 2021-11-18T20:55:49+01:00
Track two new rouncube issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,12 @@
+CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning]
+	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+	NOTE: https://github.com/roundcube/roundcubemail/issues/8193
+	NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
+CVE-2021-XXXX [SQL injection via some session variables]
+	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
 CVE-2021-43998
 	RESERVED
 CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d5e7cf8b1994eb2db2d70e3508f42b8d531816e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d5e7cf8b1994eb2db2d70e3508f42b8d531816e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211118/41142848/attachment.htm>