[Pkg-roundcube-maintainers] roundcube: CVE-2020-35730: XSS vulnerability via malicious HTML or plaintext messages

Salvatore Bonaccorso carnil at debian.org
Mon Dec 28 13:55:38 GMT 2020


Hi Guilhem,

On Mon, Dec 28, 2020 at 12:13:41PM +0100, Guilhem Moulin wrote:
> On Mon, 28 Dec 2020 at 07:24:24 +0100, Salvatore Bonaccorso wrote:
> > On Mon, Dec 28, 2020 at 03:16:51AM +0100, Guilhem Moulin wrote:
> >> The package in buster is currently following the 1.3 branch and I
> >> propose to keep that trend; upstream changes are minimal but also
> >> contain two irrelevant changes, one of which (the jstz version bump) I
> >> reverted in debian/patches.  Debdiff enclosed, as well as the diff in
> >> patch-applied trees.  I tested this but would appreciate if you could
> >> take care of the DSA :-) 
> > 
> > Looks good to me, please upload to security-master for
> > buster-security, we will take it from there for DSA.
> 
> Thanks Salvatore, uploaded!

Thanks, and released just some minutes ago as DSA 4821-1.

Regards,
Salvatore


