[Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 12 16:11:39 UTC 2017
Control: retitle -1 roundcube: CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element
Hi,
On Sat, Mar 11, 2017 at 08:29:11PM +0100, Salvatore Bonaccorso wrote:
> Source: roundcube
> Version: 1.2.3+dfsg.1-1
> Severity: important
> Tags: security patch upstream fixed-upstream
>
> Hi
>
> 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
> inside of an svg element.
>
> AFAICT, this issue has not yet a CVE assigned, thus I have requested
> one.
This has been assigned CVE-2017-6820.
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list