Package: roundcube
Version: 0.2~alpha-4
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for roundcube.

CVE-2009-0413[0]:
| Cross-site scripting (XSS) vulnerability in RoundCube Webmail
| (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary
| web script or HTML via the background attribute embedded in an HTML
| e-mail message.

This bug report concerns the experimental version. The other versions
don't seem to be affected after a quick glance. The published upstream
patch is here[1].

If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0413
    http://security-tracker.debian.net/tracker/CVE-2009-0413
[1] http://trac.roundcube.net/changeset/2245


