[Pkg-roundcube-maintainers] Bug#857473: Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 14 07:40:04 UTC 2017
Hi
On Tue, Mar 14, 2017 at 04:16:18AM +0100, Guilhem Moulin wrote:
> Control: tag -1 pending
>
> Hi,
>
> On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote:
> > 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
> > inside of an svg element.
>
> Thanks for the ping and the pointers! I applied the fix to 1.2.3
> (unstable) and 1.1.5 (jessie-backports).
Thanks you Guilhem! (and Vincent as well).
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list