|    linux.debian.bugs.dist    |    Ohh some weird Debian bug report thing    |    28,835 messages    |
|    Guilhem Moulin to All    |
|    Bug#1127447: roundcube: CSS injection vu    |
|    08 Feb 26 23:50:01    |
   
   From: guilhem@debian.org   
      
   Source: roundcube   
   Version: 1.6.12+dfsg-1   
   Severity: important   
   Control: found -1 1.6.12+dfsg-0+deb13u1   
   Control: found -1 1.6.5+dfsg-1+deb12u6   
   Control: found -1 1.4.15+dfsg.1-1+deb11u6   
   Tags: security upstream   
   X-Debbugs-Cc: Debian Security Team    
      
   Roundcube webmail upstream has recently released 1.6.13 [0] which fixes   
   the following vulnerabilities:   
      
    * CSS injection vulnerability reported by CERT Polska.   
    https://github.com/roundcube/roundcubemail/commit/1f4c3a5af50   
   3747f9685a8a395dbd8228d19816   
    https://github.com/roundcube/roundcubemail/commit/2b5625f1d2e   
   7e050fd1ae481b2a52dc35466447 (regression)   
    https://github.com/roundcube/roundcubemail/commit/53d75d5dfeb   
   f235a344d476b900c20c12d52b01 (regression)   
      
    * Remote image blocking bypass via SVG content reported by nullcathedral.   
    https://github.com/roundcube/roundcubemail/commit/036e851b683   
   33205813f70acda2dc047b4891c8   
      
   AFAICT no CVE-IDs have been published for these issues. I just requested
   some.
   --    
   Guilhem.   
      
   [0] https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13   
      
      