[Pkg-roundcube-maintainers] Bug#959140: roundcube: Cross-Site Scripting (XSS) vulnerability via malicious HTML messages
Guilhem Moulin
guilhem at debian.org
Wed Apr 29 21:27:51 BST 2020
Source: roundcube
Severity: important
Tags: security
AFAICT no CVE was assigned for this yet. 1.2.x, 1.3.x and 1.4.x
branches are affected. Upstream fix:
1.4.x https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
1.3.x https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
1.2.x https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20200429/b320ebc4/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list