FEDORA-EPEL-2013-11311 created by limb 8 years ago for Fedora EPEL 6
obsolete

Two XSS flaws were fixed in roundcube 0.9.3 [1]:

  • Fix XSS vulnerability when saving HTML signatures [2],[3]
  • Fix XSS vulnerability when editing a message "as new" or draft [2],[4]

[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3 [2] http://trac.roundcube.net/ticket/1489251 [3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github [4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github

This update has been submitted for testing by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago
User Icon orion commented & provided feedback 8 years ago
karma

Seems to be working fine here

Can you please edit these updates with my -2 builds? They add a patch which makes the .swf removal more elegant.

limb has edited this update. New build(s): roundcubemail-0.9.3-2.el6. Removed build(s): roundcubemail-0.9.3-1.el6.

8 years ago

This update has been submitted for testing by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
modified
8 years ago
BZ#1000511 roundcubemail: two XSS flaws fixed in 0.9.3 [fedora-all]
0
0
BZ#1000512 roundcubemail: two XSS flaws fixed in 0.9.3 [epel-6]
0
0

Automated Test Results