oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: XSS in roundcube before 1.1.0

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 29 Mar 2015 19:43:57 +0200
Hi Hanno,

On Sun, Mar 29, 2015 at 11:52:06AM +0200, Hanno Böck wrote:

http://trac.roundcube.net/wiki/Changelog
Fix XSS issue in style attribute handling (#1490227)

Upstream Bug:
http://trac.roundcube.net/ticket/1490227

Commit:
http://trac.roundcube.net/changeset/786aa0725/github

It was not mentioned in the release notes...


This seem to have already a CVE: CVE-2015-1433, from
http://www.openwall.com/lists/oss-security/2015/01/31/6

Regards,
Salvatore
Previous By Date Next
Previous By Thread Next

Current thread: