Processed: Re: Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-14 Thread Debian Bug Tracking System 
Processing control commands:

> reopen -1
Bug #857473 {Done: Guilhem Moulin } [src:roundcube] 
roundcube: CVE-2017-6820: XSS issue in handling of a style tag inside of an svg 
element
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions roundcube/1.2.3+dfsg.1-2.
> tag -1 pending
Bug #857473 [src:roundcube] roundcube: CVE-2017-6820: XSS issue in handling of 
a style tag inside of an svg element
Added tag(s) pending.

-- 
857473: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-14 Thread Guilhem Moulin 
Control: reopen -1
Control: tag -1 pending

On Tue, 14 Mar 2017 at 07:40:34 +0100, Vincent Bernat wrote:
> Both of them uploaded.

Crap, I shouldn't work in the middle of the night, I forgot to add the
patch to the debian/patches/series…  Fixed in the VCS, sorry for the
inconvenience. :-(

-- 
Guilhem.


signature.asc
Description: PGP signature

Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-14 Thread Salvatore Bonaccorso 
Hi

On Tue, Mar 14, 2017 at 04:16:18AM +0100, Guilhem Moulin wrote:
> Control: tag -1 pending
> 
> Hi,
> 
> On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote:
> > 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
> > inside of an svg element.
> 
> Thanks for the ping and the pointers!  I applied the fix to 1.2.3
> (unstable) and 1.1.5 (jessie-backports).

Thanks you Guilhem! (and Vincent as well).

Salvatore

Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-14 Thread Vincent Bernat 
 ❦ 14 mars 2017 04:16 +0100, Guilhem Moulin  :

>> 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
>> inside of an svg element.
>
> Thanks for the ping and the pointers!  I applied the fix to 1.2.3
> (unstable) and 1.1.5 (jessie-backports).
>
> Could someone else in the team upload the two source packages?  I don't
> have upload privileges :-P  (Also I didn't tag the releases.)

Both of them uploaded.
-- 
Program defensively.
- The Elements of Programming Style (Kernighan & Plauger)


signature.asc
Description: PGP signature

Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element

2017-03-13 Thread Guilhem Moulin 
Control: tag -1 pending

Hi,

On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote:
> 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
> inside of an svg element.

Thanks for the ping and the pointers!  I applied the fix to 1.2.3
(unstable) and 1.1.5 (jessie-backports).

Could someone else in the team upload the two source packages?  I don't
have upload privileges :-P  (Also I didn't tag the releases.)

Cheers,
-- 
Guilhem.


signature.asc
Description: PGP signature