[Pkg-roundcube-maintainers] Bug#455840: [RCU] Vulnerability in Roundcube
Vincent Bernat
bernat at luffy.cx
Tue Jan 22 21:17:11 UTC 2008
OoO En ce début de soirée du vendredi 28 décembre 2007, vers 21:45, je
disais:
>> I found Squirrelmail's solution. They seem to use one function for every
>> possible tag in the HTML source:
>> http://osdir.com/ml/mail.squirrelmail.cvs/2006-12/msg00031.html
>> I'll try to implement that, and/or search for more :)
> Hi Robin !
> I noticed that you have posted a patch. I have tried it but it seems
> that there is no effect. I have tried with ie6 from ie4linux and I still
> get the javascript popups. Did you try it succesfully on rc2?
> I have used the test message from here:
> http://www.topolis.lt/bugtraq/expression.eml.gz
I have tried with an up-to-date IE7 and the patch provided here does not
fix the issue. In fact, the source code shows there is still unsanitized
strings. I have completed the patch with a function from Squirrelmail
(sq_defang). I have attached the complete patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20080122/837e76d7/attachment.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xss-fix.patch
Type: text/x-diff
Size: 7663 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20080122/837e76d7/attachment.patch
More information about the Pkg-roundcube-maintainers
mailing list