Package: roundcube
Severity: normal

Hi,

CVE-2007-6321 details an XSS vulnerability in Roundcube 0.1rc2 and earlier. It only affects users of IE who are using roundcube, so it may seem unimportant, but the sad fact of the matter is many people still use that browser and most people who run webmail are likely to be visited by IE users.

Please mention this CVE in any changelogs that address this issue. When a fix is available, please upload with urgency=high to speed up migration to testing.

If you have any questions or need help, visit us in channel #debian-security on OFTC.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6321
Reference: BUGTRAQ:20071209 Unsanitized scripting in RoundCube webmail
Reference: http://www.securityfocus.com/archive/1/archive/1/484802/100/0/threaded
Reference: http://openmya.hacker.jp/hasegawa/security/expression.txt
Reference: XF:roundcube-email-messages-xss(38981)
Reference: URL:http://xforce.iss.net/xforce/xfdb/38981

Micah

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash