[Pkg-roundcube-maintainers] Bug#1055421: roundcube: cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Guilhem Moulin
guilhem at debian.org
Sun Nov 5 17:31:06 GMT 2023
Source: roundcube
Version: 1.6.4+dfsg-1
Severity: important
Control: found -1 1.6.4+dfsg-1~deb12u1
Tags: security upstream

Roundcube webmail upstream has recently released 1.6.5 which fixes the
following vulnerability:

 * Fix cross-site scripting (XSS) vulnerability in setting
   Content-Type/Content-Disposition for attachment preview/download.
   https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a

AFAICT no CVE-ID has been published for this issue.

--
Guilhem.