home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.bugs.dist      Ohh some weird Debian bug report thing      28,835 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 26,970 of 28,835   
   Salvatore Bonaccorso to Guilhem Moulin   
   Bug#1127447: roundcube: CSS injection vu   
   09 Feb 26 21:30:01   
   
   From: carnil@debian.org   
      
   Hi Guilhem,   
      
   On Sun, Feb 08, 2026 at 11:41:28PM +0100, Guilhem Moulin wrote:   
   >  * Remote image blocking bypass via SVG content reported by nullcathedral.   
   >    https://github.com/roundcube/roundcubemail/commit/036e851b6   
   3333205813f70acda2dc047b4891c8   
      
   This one got a CVE assigned, assuming the reporter did request it   
   accordingly: CVE-2026-25916   
      
   There is a blog post about it:   
   https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage   
   remote-image-bypass/   
      
   The first one AFAIU, has not yet a CVE.   
      
   Regards,   
   Salvatore   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca