Your message dated Wed, 12 Aug 2020 21:32:37 +0000
with message-id <[email protected]>
and subject line Bug#968216: fixed in roundcube 1.3.15+dfsg.1-1~deb10u1
has caused the Debian Bug report #968216,
regarding roundcube: CVE-2020-16145: XSS vulnerability via HTML messages with malicious svg or math content
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
968216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: roundcube
Severity: important
Tags: security
Control: found -1 1.4.7+dfsg.2-1
Control: found -1 1.3.14+dfsg.1-1~deb10u1
Control: found -1 1.2.3+dfsg.1-4+deb9u5

In a recent post roundcube webmail upstream has announced the following
security fix:

    Cross-site scripting (XSS) via HTML messages with malicious svg or
    math content (CVE-2020-16145)

1.2.x, 1.3.x and 1.4.x branches are affected.

Upstream fix:

    1.4.x https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4
    1.3.x https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b
    1.2.x https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e

--
Guilhem.
--- End Message ---
--- Begin Message ---
Source: roundcube
Source-Version: 1.3.15+dfsg.1-1~deb10u1
Done: Guilhem Moulin <[email protected]>

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Tue, 11 Aug 2020 17:44:16 +0200
Source: roundcube
Architecture: source
Version: 1.3.15+dfsg.1-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 968216
Changes:
 roundcube (1.3.15+dfsg.1-1~deb10u1) buster-security; urgency=high
 .
   * New upstream release, with security fix for CVE-2020-16145: Cross-site
     scripting (XSS) vulnerability via HTML messages with malicious svg or
     math content.
     (Closes: #968216)
--- End Message ---

