List:       oss-security
Subject:    Re: [oss-security] CVE request: XSS in roundcube before 1.1.0
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2015-03-29 17:43:57
Message-ID: 20150329174357.GA2881 () eldamar ! local

Hi Hanno,

On Sun, Mar 29, 2015 at 11:52:06AM +0200, Hanno Böck wrote:
> http://trac.roundcube.net/wiki/Changelog
> Fix XSS issue in style attribute handling (#1490227)
> 
> Upstream Bug:
> http://trac.roundcube.net/ticket/1490227
> 
> Commit:
> http://trac.roundcube.net/changeset/786aa0725/github
> 
> It was not mentioned in the release notes...

This seems to already have a CVE: CVE-2015-1433, from
http://www.openwall.com/lists/oss-security/2015/01/31/6

Regards,
Salvatore