[Git][security-tracker-team/security-tracker][master] CVEs for roundcube assigned: CVE-2021-44025 and CVE-2021-44026

Fri Nov 19 07:28:13 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b55092ad by Salvatore Bonaccorso at 2021-11-19T08:27:41+01:00
CVEs for roundcube assigned: CVE-2021-44025 and CVE-2021-44026

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42,12 +42,12 @@ CVE-2021-3976
 	RESERVED
 CVE-2021-3975
 	RESERVED
-CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning]
+CVE-2021-44025 [XSS issue in handling attachment filename extension in mimetype mismatch warning]
 	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
 	NOTE: https://github.com/roundcube/roundcubemail/issues/8193
 	NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
-CVE-2021-XXXX [SQL injection via some session variables]
+CVE-2021-44026 [SQL injection via some session variables]
 	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b55092ade0a911fa77f503a0e10e97ad009fcd90

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b55092ade0a911fa77f503a0e10e97ad009fcd90
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211119/fd2f23a2/attachment.htm>
