[Pkg-roundcube-maintainers] roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages
Guilhem Moulin
guilhem at debian.org
Mon Dec 28 11:13:41 GMT 2020
On Mon, 28 Dec 2020 at 07:24:24 +0100, Salvatore Bonaccorso wrote:
> On Mon, Dec 28, 2020 at 03:16:51AM +0100, Guilhem Moulin wrote:
>> The package in buster is currently following the 1.3 branch and I
>> propose to keep that trend; upstream changes are minimal but also
>> contain two irrelevant changes, one of which (the jstz version bump) I
>> reverted in debian/patches. Debdiff enclosed, as well as the diff in
>> patch-applied trees. I tested this but would appreciate if you could
>> take care of the DSA :-)
>
> Looks good to me, please upload to security-master for
> buster-security, we will take it from there for DSA.
Thanks Savatore, uploaded!
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20201228/d5ef8594/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list