[Pkg-roundcube-maintainers] Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

Salvatore Bonaccorso carnil at debian.org
Thu Jan 6 05:10:19 GMT 2022


Control: retitle -1 roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

Hi Guilhem,

On Wed, Jan 05, 2022 at 09:19:49PM +0100, Guilhem Moulin wrote:
> Hi carnil,
> 
> On Wed, 05 Jan 2022 at 20:49:35 +0100, Salvatore Bonaccorso wrote:
> > FTR, have not yet heard back on the assignment. We can wait a bit
> > longer, but just wanted to say we do not necessarily need to block on
> > the missing assignment if we want to release the DSA earlier. The
> > issue is not that urgent though I think that we could not wait a bit
> > longer.
> 
> Thanks for the follow-up!  I have the debdiff ready (modulo d/changelog)
> but I agree with your assessment that the severity is not serious
> enough to warrant rushing the DSA through.  Let's wait a bit longer then :-)

CVE-2021-46144 has been assigned for the roundcube issue.

Regards,
Salvatore


