From 92b55131b2b928f48ba4292312fdc4577a5b34f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A5re=20Thor=20Olsen?= Date: Wed, 8 Jul 2020 13:03:11 +0200 Subject: [SECURITY] [DSA 4720-1] roundcube security update --- english/security/2020/dsa-4720.data | 13 +++++++++++++ english/security/2020/dsa-4720.wml | 21 +++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 english/security/2020/dsa-4720.data create mode 100644 english/security/2020/dsa-4720.wml diff --git a/english/security/2020/dsa-4720.data b/english/security/2020/dsa-4720.data new file mode 100644 index 00000000000..6cf4b062c4b --- /dev/null +++ b/english/security/2020/dsa-4720.data @@ -0,0 +1,13 @@ +DSA-4720-1 roundcube +2020-7-08 +CVE-2020-15562 Bug#964355 +roundcube +yes +yes +no + +#use wml::debian::security + + + + diff --git a/english/security/2020/dsa-4720.wml b/english/security/2020/dsa-4720.wml new file mode 100644 index 00000000000..a5e2b0738b1 --- /dev/null +++ b/english/security/2020/dsa-4720.wml @@ -0,0 +1,21 @@ +security update + +

It was discovered that roundcube, a skinnable AJAX based webmail +solution for IMAP servers, did not properly sanitize incoming mail +messages. This would allow a remote attacker to perform a Cross-Side +Scripting (XSS) attack.

+ +

For the stable distribution (buster), this problem has been fixed in +version 1.3.14+dfsg.1-1~deb10u1.

+ +

We recommend that you upgrade your roundcube packages.

+ +

For the detailed security status of roundcube please refer to +its security tracker page at: +\ +https://security-tracker.debian.org/tracker/roundcube

+ + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4720.data" +# $Id: $ -- cgit v1.2.3