[Pkg-roundcube-maintainers] Bug#455840: [RCU] Vulnerability in Roundcube

Vincent Bernat bernat at luffy.cx
Tue Jan 22 21:17:11 UTC 2008

OoO En ce  début de soirée du vendredi 28 décembre  2007, vers 21:45, je

>> I found Squirrelmail's solution. They seem to use one function for every
>> possible tag in the HTML source:

>> http://osdir.com/ml/mail.squirrelmail.cvs/2006-12/msg00031.html

>> I'll try to implement that, and/or search for more :)

> Hi Robin !

> I noticed  that you have posted  a patch. I  have tried it but  it seems
> that there is no effect. I have tried with ie6 from ie4linux and I still
> get the javascript popups. Did you try it succesfully on rc2?

> I have used the test message from here:
>  http://www.topolis.lt/bugtraq/expression.eml.gz

I have tried with an up-to-date IE7 and the patch provided here does not
fix the issue. In fact, the source code shows there is still unsanitized
strings. I  have completed the  patch with a function  from Squirrelmail
(sq_defang). I have attached the complete patch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20080122/837e76d7/attachment.pgp 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xss-fix.patch
Type: text/x-diff
Size: 7663 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20080122/837e76d7/attachment.patch 

More information about the Pkg-roundcube-maintainers mailing list