[Pkg-roundcube-maintainers] Bug#857473: Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

Salvatore Bonaccorso carnil at debian.org
Tue Mar 14 07:40:04 UTC 2017


Hi

On Tue, Mar 14, 2017 at 04:16:18AM +0100, Guilhem Moulin wrote:
> Control: tag -1 pending
> 
> Hi,
> 
> On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote:
> > 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
> > inside of an svg element.
> 
> Thanks for the ping and the pointers!  I applied the fix to 1.2.3
> (unstable) and 1.1.5 (jessie-backports).

Thanks you Guilhem! (and Vincent as well).

Salvatore



More information about the Pkg-roundcube-maintainers mailing list