oss-sec mailing list archives
CVE request: roundcube 0.9.3 fixes two XSS flaws
From: Vincent Danen <vdanen () redhat com>
Date: Fri, 23 Aug 2013 08:39:33 -0600
I don't see CVEs for these, or requests, so could two be assigned please? Two XSS flaws were fixed in roundcube 0.9.3 [1]: * Fix XSS vulnerability when saving HTML signatures [2],[3] * Fix XSS vulnerability when editing a message "as new" or draft [2],[4] [1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3 [2] http://trac.roundcube.net/ticket/1489251 [3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github [4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github Other references: http://bugs.gentoo.org/show_bug.cgi?id=482206 https://bugzilla.redhat.com/show_bug.cgi?id=1000510 Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 23)
- Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 23)
- Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 27)
- Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 28)
- Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 28)
- Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 23)