Track two new rouncube issues

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-18 20:55:49 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-18 20:55:49 +0100
commit: 7067660884bb78f664992cfe8c691b478a22b195 (patch)
tree: 1f340378c7fea66a7511decd232f707056a8f836
parent: 8ab7bd933e7631e761f794b86c721985f7f6783b (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index db0083ec6f..1ff37ef5b8 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,12 @@
+CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning]
+	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+	NOTE: https://github.com/roundcube/roundcubemail/issues/8193
+	NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
+CVE-2021-XXXX [SQL injection via some session variables]
+	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
 CVE-2021-43998
 	RESERVED
 CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-18 20:55:49 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-18 20:55:49 +0100
commit	7067660884bb78f664992cfe8c691b478a22b195 (patch)
tree	1f340378c7fea66a7511decd232f707056a8f836
parent	8ab7bd933e7631e761f794b86c721985f7f6783b (diff)