[Pkg-roundcube-maintainers] roundcube: CVE-2020-15562: XSS vulnerability via HTML messages with malicious svg/namespace
Sébastien Delafond
seb at debian.org
Tue Jul 7 07:33:35 BST 2020
On 06/07 16:43, Guilhem Moulin wrote:
> This was assigned CVE-2020-15562 today.
>
> For stretch-security I prepared 1.2.3+dfsg.1-4+deb9u6 with the attached
> debdiff.
>
> The package in buster is currently following the 1.3 branch, but
> 1.3.14+dfsg.1-1~deb10u1 contains only the targeted fix. Debdiff
> attached.
Hi Guilhem,
thanks for the debdiffs, I will review them shortly.
Cheers,
--
Seb
More information about the Pkg-roundcube-maintainers
mailing list