[Pkg-roundcube-maintainers] Bug#1055421: roundcube: cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download

Guilhem Moulin guilhem at debian.org
Sun Nov 5 17:31:06 GMT 2023


Source: roundcube
Version: 1.6.4+dfsg-1
Severity: important
Control: found -1 1.6.4+dfsg-1~deb12u1
Tags: security upstream

Roundcube webmail upstream has recently released 1.6.5 which fixes the
following vulnerability:

 * Fix cross-site scripting (XSS) vulnerability in setting
   Content-Type/Content-Disposition for attachment preview/download.
   https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a

AFAICT no CVE-ID has been published for this issue.
-- 
Guilhem.