summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-11-19 08:27:41 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2021-11-19 08:27:41 +0100
commit900dd005dab26cc85aae8816e4a5f574311fc9dc (patch)
tree3a4fc47111354953fc22ea17ce9c26250b7d5665
parent3cb8496c06ff1453e5be4bf0c859ee5d94028c9e (diff)
CVEs for roundcube assigned: CVE-2021-44025 and CVE-2021-44026
-rw-r--r--data/CVE/2021.list4
1 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index b7fb5f10d5..699e2cff4c 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -42,12 +42,12 @@ CVE-2021-3976
RESERVED
CVE-2021-3975
RESERVED
-CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning]
+CVE-2021-44025 [XSS issue in handling attachment filename extension in mimetype mismatch warning]
- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
NOTE: https://github.com/roundcube/roundcubemail/issues/8193
NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
-CVE-2021-XXXX [SQL injection via some session variables]
+CVE-2021-44026 [SQL injection via some session variables]
- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)

© 2014-2024 Faster IT GmbH | imprint | privacy policy