Your message dated Tue, 11 Aug 2020 15:38:26 +0000
with message-id <[email protected]>
and subject line Bug#968216: fixed in roundcube 1.4.8+dfsg.1-1
has caused the Debian Bug report #968216,
regarding roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious svg or math content
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

-- 
968216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: roundcube
Severity: important
Tags: security
Control: found -1 1.4.7+dfsg.2-1
Control: found -1 1.3.14+dfsg.1-1~deb10u1
Control: found -1 1.2.3+dfsg.1-4+deb9u5

In a recent post roundcube webmail upstream has announced the following
security fix:

    Cross-site scripting (XSS) via HTML messages with malicious svg or math
    content (CVE-2020-16145)

1.2.x, 1.3.x and 1.4.x branches are affected.

Upstream fix:
1.4.x https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4
1.3.x https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b
1.2.x https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e

-- 
Guilhem.
--- End Message ---
--- Begin Message ---
Source: roundcube
Source-Version: 1.4.8+dfsg.1-1
Done: Guilhem Moulin <[email protected]>

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Aug 2020 16:45:02 +0200
Source: roundcube
Architecture: source
Version: 1.4.8+dfsg.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Roundcube Maintainers <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 968216
Changes:
 roundcube (1.4.8+dfsg.1-1) unstable; urgency=high
 .
   * New upstream bugfix release, including security fix for CVE-2020-16145:
     Cross-site scripting (XSS) vulnerability via HTML messages with
     malicious svg or math content.
     (Closes: #968216)
--- End Message ---

