[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: XSS in roundcube before 1.1.0
From: Salvatore Bonaccorso <carnil () debian ! org>
Date: 2015-03-29 17:43:57
Message-ID: 20150329174357.GA2881 () eldamar ! local
[Download RAW message or body]
Hi Hanno,
On Sun, Mar 29, 2015 at 11:52:06AM +0200, Hanno Böck wrote:
> http://trac.roundcube.net/wiki/Changelog
> Fix XSS issue in style attribute handling (#1490227)
>
> Upstream Bug:
> http://trac.roundcube.net/ticket/1490227
>
> Commit:
> http://trac.roundcube.net/changeset/786aa0725/github
>
> It was not mentioned in the release notes...
This seem to have already a CVE: CVE-2015-1433, from
http://www.openwall.com/lists/oss-security/2015/01/31/6
Regards,
Salvatore
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic