From ac4a3040fa04b98f1db354527f6cdb1ecb042cb4 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 28 Dec 2020 14:48:31 +0100 Subject: [DSA 4821-1] roundcube security update --- english/security/2020/dsa-4821.data | 13 +++++++++++++ english/security/2020/dsa-4821.wml | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 english/security/2020/dsa-4821.data create mode 100644 english/security/2020/dsa-4821.wml diff --git a/english/security/2020/dsa-4821.data b/english/security/2020/dsa-4821.data new file mode 100644 index 00000000000..40c6697e367 --- /dev/null +++ b/english/security/2020/dsa-4821.data @@ -0,0 +1,13 @@ +DSA-4821-1 roundcube +2020-12-28 +CVE-2020-35730 Bug#978491 +roundcube +yes +yes +no + +#use wml::debian::security + + + + diff --git a/english/security/2020/dsa-4821.wml b/english/security/2020/dsa-4821.wml new file mode 100644 index 00000000000..4e30c2357a8 --- /dev/null +++ b/english/security/2020/dsa-4821.wml @@ -0,0 +1,20 @@ +security update + +

Alex Birnberg discovered that roundcube, a skinnable AJAX based webmail +solution for IMAP servers, is prone to a cross-site scripting +vulnerability in handling HTML or Plain text messages with malicious +content.

+ +

For the stable distribution (buster), this problem has been fixed in +version 1.3.16+dfsg.1-1~deb10u1.

+ +

We recommend that you upgrade your roundcube packages.

+ +

For the detailed security status of roundcube please refer to its +security tracker page at: +https://security-tracker.debian.org/tracker/roundcube

+ + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4821.data" +# $Id: $ -- cgit v1.2.3