[Pkg-roundcube-maintainers] Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content
Guilhem Moulin
guilhem at debian.org
Wed Jan 5 20:19:49 GMT 2022
Hi carnil,
On Wed, 05 Jan 2022 at 20:49:35 +0100, Salvatore Bonaccorso wrote:
> FTR, have not yet heard back on the assignment. We can wait a bit
> longer, but just wanted to say we do not necessarily need to block on
> the missing assignment if we want to release the DSA earlier. The
> issue is not that urgent though I think that we could not wait a bit
> longer.
Thanks for the follow-up! I have the debdiff ready (modulo d/changelog)
but I agree with your assessment that the severity is not serious
enough to warrant rushing the DSA through. Let's wait a bit longer then :-)
cheers,
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20220105/b8bbe1dc/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list