Create an account

Subscribe to LWN

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

roundcubemail: two cross-site scripting flaws

Package(s):

roundcubemail

CVE #(s):

CVE-2013-5645 CVE-2013-5646

Created:

August 29, 2013

Updated:

September 18, 2013

Description:

From the Red Hat bugzilla entry:

Two XSS flaws were fixed in roundcube 0.9.3 [1]:

* Fix XSS vulnerability when saving HTML signatures [2],[3]
* Fix XSS vulnerability when editing a message "as new" or draft [2],[4]

[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
[2] http://trac.roundcube.net/ticket/1489251
[3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
[4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github

Alerts:

Fedora	FEDORA-2013-15221	2013-08-28
Mageia	MGASA-2013-0270	2013-09-03
Fedora	FEDORA-2013-15223	2013-09-03
Mandriva	MDVSA-2013:226	2013-09-05
openSUSE	openSUSE-SU-2013:1420-1	2013-09-09
Fedora	FEDORA-2013-16232	2013-09-18
Fedora	FEDORA-2013-16192	2013-09-18

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds