[Pkg-roundcube-maintainers] Bug#514179: CVE-2009-0413: possible XSS issue
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Feb 4 23:13:05 UTC 2009
Package: roundcube
Version: 0.2~alpha-4
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for roundcube.
CVE-2009-0413[0]:
| Cross-site scripting (XSS) vulnerability in RoundCube Webmail
| (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary
| web script or HTML via the background attribute embedded in an HTML
| e-mail message.
This bug report concerns the experimental version. The other versions
don't seem to be affected after a quick glance. The published upstream
patch is here[1].
If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0413
http://security-tracker.debian.net/tracker/CVE-2009-0413
[1] http://trac.roundcube.net/changeset/2245