Processed: Re: Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
Processing control commands: > reopen -1 Bug #857473 {Done: Guilhem Moulin} [src:roundcube] roundcube: CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions roundcube/1.2.3+dfsg.1-2. > tag -1 pending Bug #857473 [src:roundcube] roundcube: CVE-2017-6820: XSS issue in handling of a style tag inside of an svg element Added tag(s) pending. -- 857473: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
Control: reopen -1 Control: tag -1 pending On Tue, 14 Mar 2017 at 07:40:34 +0100, Vincent Bernat wrote: > Both of them uploaded. Crap, I shouldn't work in the middle of the night, I forgot to add the patch to the debian/patches/series… Fixed in the VCS, sorry for the inconvenience. :-( -- Guilhem. signature.asc Description: PGP signature
Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
Hi On Tue, Mar 14, 2017 at 04:16:18AM +0100, Guilhem Moulin wrote: > Control: tag -1 pending > > Hi, > > On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote: > > 1.2.4 roundcube release fixed a XSS issue in handling of a style tag > > inside of an svg element. > > Thanks for the ping and the pointers! I applied the fix to 1.2.3 > (unstable) and 1.1.5 (jessie-backports). Thanks you Guilhem! (and Vincent as well). Salvatore
Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
❦ 14 mars 2017 04:16 +0100, Guilhem Moulin: >> 1.2.4 roundcube release fixed a XSS issue in handling of a style tag >> inside of an svg element. > > Thanks for the ping and the pointers! I applied the fix to 1.2.3 > (unstable) and 1.1.5 (jessie-backports). > > Could someone else in the team upload the two source packages? I don't > have upload privileges :-P (Also I didn't tag the releases.) Both of them uploaded. -- Program defensively. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#857473: [Pkg-roundcube-maintainers] Bug#857473: roundcube: XSS issue in handling of a style tag inside of an svg element
Control: tag -1 pending Hi, On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote: > 1.2.4 roundcube release fixed a XSS issue in handling of a style tag > inside of an svg element. Thanks for the ping and the pointers! I applied the fix to 1.2.3 (unstable) and 1.1.5 (jessie-backports). Could someone else in the team upload the two source packages? I don't have upload privileges :-P (Also I didn't tag the releases.) Cheers, -- Guilhem. signature.asc Description: PGP signature