[Pkg-roundcube-maintainers] roundcube: CVE-2020-15562: XSS vulnerability via HTML messages with malicious svg/namespace
Guilhem Moulin
guilhem at debian.org
Tue Jul 7 15:13:14 BST 2020
Hi Sébastien,

On Tue, 07 Jul 2020 at 09:40:18 +0200, Sébastien Delafond wrote:
> On 07/07 08:33, Sébastien Delafond wrote:
>> On 06/07 16:43, Guilhem Moulin wrote:
>>> For stretch-security I prepared 1.2.3+dfsg.1-4+deb9u6 with the attached
>>> debdiff.
>
> For stretch, the official security support technically ended on the 5th
> of July; could you channel this update via SPU instead? This should be
> done before this coming Saturday.

Oh sorry I missed the news :-P (I knew it would end around this time
but I thought I'd give it a try after DSA 4717-1.) Unblock request
filed as #964456.

>>> The package in buster is currently following the 1.3 branch, but
>>> 1.3.14+dfsg.1-1~deb10u1 contains only the targeted fix. Debdiff
>>> attached.
>
> This looks good, please upload to security-master (don't forget to use
> -sa).

Done!

--
Guilhem.