Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-02-13 Thread Salvatore Bonaccorso
Control: severity -1 serious

Hi Guilhem,

On Mon, Jan 03, 2022 at 09:57:29AM +0100, Guilhem Moulin wrote:
> Control: notfixed -1 1.5.1+dfsg-1
> Control: found -1 1.5.1+dfsg-1
>
> Hi Salvatore!
>
> On Mon, 03 Jan 2022 at 09:47:28 +0100, Salvatore Bonaccorso wrote:
> > On Sun, Jan 02, 2022 at 10:5

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-06 Thread Sébastien Delafond
On 06/01 06:10, Salvatore Bonaccorso wrote:
> CVE-2021-46144 has been assigned for the roundcube issue.

Thanks for taking care of this Salvatore. I'll review the debdiffs once Guilhem sends them, and will take care of the DSA afterwards.

Cheers,

--
Seb

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-05 Thread Salvatore Bonaccorso
Control: retitle -1 roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

Hi Guilhem,

On Wed, Jan 05, 2022 at 09:19:49PM +0100, Guilhem Moulin wrote:
> Hi carnil,
>
> On Wed, 05 Jan 2022 at 20:49:35 +0100, Salvatore Bonaccorso wrote:
> > FTR, have not yet hea

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-05 Thread Guilhem Moulin
Hi carnil,

On Wed, 05 Jan 2022 at 20:49:35 +0100, Salvatore Bonaccorso wrote:
> FTR, have not yet heard back on the assignment. We can wait a bit
> longer, but just wanted to say we do not necessarily need to block on
> the missing assignment if we want to release the DSA earlier. The
> issue is n

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-05 Thread Salvatore Bonaccorso
Hi Guilhem,

On Mon, Jan 03, 2022 at 10:22:49AM +0100, Salvatore Bonaccorso wrote:
> Hi Guilhem,
>
> On Mon, Jan 03, 2022 at 09:57:29AM +0100, Guilhem Moulin wrote:
> > Control: notfixed -1 1.5.1+dfsg-1
> > Control: found -1 1.5.1+dfsg-1
> >
> > Hi Salvatore!
> >
> > On Mon, 03 Jan 2022 at 09:47

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-03 Thread Salvatore Bonaccorso
Hi Guilhem,

On Mon, Jan 03, 2022 at 09:57:29AM +0100, Guilhem Moulin wrote:
> Control: notfixed -1 1.5.1+dfsg-1
> Control: found -1 1.5.1+dfsg-1
>
> Hi Salvatore!
>
> On Mon, 03 Jan 2022 at 09:47:28 +0100, Salvatore Bonaccorso wrote:
> > On Sun, Jan 02, 2022 at 10:50:25PM +0100, Guilhem Moulin w

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-03 Thread Guilhem Moulin
Control: notfixed -1 1.5.1+dfsg-1
Control: found -1 1.5.1+dfsg-1

Hi Salvatore!

On Mon, 03 Jan 2022 at 09:47:28 +0100, Salvatore Bonaccorso wrote:
> On Sun, Jan 02, 2022 at 10:50:25PM +0100, Guilhem Moulin wrote:
>> Package: roundcube
>> Severity: important
>> Tags: security
>> Control: found -1 1

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-03 Thread Salvatore Bonaccorso
Hi Guilhem,

On Sun, Jan 02, 2022 at 10:50:25PM +0100, Guilhem Moulin wrote:
> Package: roundcube
> Severity: important
> Tags: security
> Control: found -1 1.3.17+dfsg.1-1~deb10u1
> Control: found -1 1.4.12+dfsg.1-1~deb11u1
> Control: fixed -1 1.5.1+dfsg-1

Is thi

Bug#1003027: roundcube: XSS vulnerability via HTML messages with malicious CSS content

2022-01-02 Thread Guilhem Moulin
Package: roundcube
Severity: important
Tags: security
Control: found -1 1.3.17+dfsg.1-1~deb10u1
Control: found -1 1.4.12+dfsg.1-1~deb11u1
Control: fixed -1 1.5.1+dfsg-1

In a recent post roundcube webmail upstream has announced a fix for a cross-site scripting (XSS) vulnerability via HTML messages