[Pkg-roundcube-maintainers] Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 3 08:47:28 GMT 2022
Hi Guilhem,
On Sun, Jan 02, 2022 at 10:50:25PM +0100, Guilhem Moulin wrote:
> Package: roundcube
> Severity: important
> Tags: security
> Control: found -1 1.3.17+dfsg.1-1~deb10u1
> Control: found -1 1.4.12+dfsg.1-1~deb11u1
> Control: fixed -1 1.5.1+dfsg-1
^^^^^^^^^^^^
Is this correct with the 1.5.1+dfsg-1 version? The release notes say
that it is fixed in 1.5.2 upstream. Asking for clarifying the
tracking.
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list