diff options
| author | Kåre Thor Olsen <kaare@nightcall.dk> | 2020-07-08 13:03:11 +0200 |
|---|---|---|
| committer | Kåre Thor Olsen <kaare@nightcall.dk> | 2020-07-08 13:03:11 +0200 |
| commit | 92b55131b2b928f48ba4292312fdc4577a5b34f1 (patch) | |
| tree | 0b439d8d1709743a52e030f4710905e69aa499ea /english/security/2020/dsa-4720.wml | |
| parent | f4de6418145edaf39cab72f91c7ff4ea92d1986a (diff) | |
[SECURITY] [DSA 4720-1] roundcube security update
Diffstat (limited to 'english/security/2020/dsa-4720.wml')
| -rw-r--r-- | english/security/2020/dsa-4720.wml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/english/security/2020/dsa-4720.wml b/english/security/2020/dsa-4720.wml new file mode 100644 index 00000000000..a5e2b0738b1 --- /dev/null +++ b/english/security/2020/dsa-4720.wml @@ -0,0 +1,21 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>It was discovered that roundcube, a skinnable AJAX based webmail +solution for IMAP servers, did not properly sanitize incoming mail +messages. This would allow a remote attacker to perform a Cross-Side +Scripting (XSS) attack.</p> + +<p>For the stable distribution (buster), this problem has been fixed in +version 1.3.14+dfsg.1-1~deb10u1.</p> + +<p>We recommend that you upgrade your roundcube packages.</p> + +<p>For the detailed security status of roundcube please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/roundcube">\ +https://security-tracker.debian.org/tracker/roundcube</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4720.data" +# $Id: $ |