LWN.net Logo

roundcubemail: two cross-site scripting flaws

Package(s):roundcubemail CVE #(s):CVE-2013-5645 CVE-2013-5646
Created:August 29, 2013 Updated:September 18, 2013
Description:

From the Red Hat bugzilla entry:

Two XSS flaws were fixed in roundcube 0.9.3 [1]:

* Fix XSS vulnerability when saving HTML signatures [2],[3]
* Fix XSS vulnerability when editing a message "as new" or draft [2],[4]

[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
[2] http://trac.roundcube.net/ticket/1489251
[3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
[4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github

Alerts:
Fedora FEDORA-2013-15221 2013-08-28
Mageia MGASA-2013-0270 2013-09-03
Fedora FEDORA-2013-15223 2013-09-03
Mandriva MDVSA-2013:226 2013-09-05
openSUSE openSUSE-SU-2013:1420-1 2013-09-09
Fedora FEDORA-2013-16232 2013-09-18
Fedora FEDORA-2013-16192 2013-09-18

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds