[Pkg-roundcube-maintainers] Debian Bullseye/Buster: XSS vulnerability in handling of linkrefs in plain text messages
Georg Schlagholz
georg at linuxtage.at
Wed Sep 27 11:30:59 BST 2023
Dear roundcube maintainers!
I saw version 1.6 was updated to fix the XSS:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059
I kindly ask you to apply the fix for the 1.4 version in Debian
Bullseye/Buster. https://packages.debian.org/search?keywords=roundcube
As I can see, the latest version for Debian Buster is 1.4.13, which was
released Thu, 06 Jan 2022
(https://metadata.ftp-master.debian.org/changelogs//main/r/roundcube/roundcube_1.4.13+dfsg.1-1~deb11u1_changelog)
See:
* https://roundcube.net/
* https://github.com/roundcube/roundcubemail/releases/tag/1.5.4
* https://github.com/roundcube/roundcubemail/releases/tag/1.4.14
Best regards & thanks for your work!
Georg Schlagholz
--
Georg SCHLAGHOLZ (he/him), Obmann
"Grazer Linuxtage" - ZVR: 812999227
https://linuxtage.at