Your message dated Mon, 28 Dec 2020 01:20:20 +0000 with message-id <[email protected]> and subject line Bug#978491: fixed in roundcube 1.4.10+dfsg.1-1 has caused the Debian Bug report #978491, regarding roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 978491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: roundcube Severity: important Tags: security Control: found -1 1.4.9+dfsg.1-1 Control: found -1 1.3.15+dfsg.1-1~deb10u1 Control: found -1 1.2.3+dfsg.1-4+deb9u7 In a recent post roundcube webmail upstream has announced the following security fix: Cross-site scripting (XSS) via HTML or Plain text messages with malicious content (CVE-2020-35730) 1.2.x, 1.3.x and 1.4.x branches are affected. Upstream fix: 1.4.x https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d 1.3.x https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e 1.2.x https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4 -- Guilhem.
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: roundcube Source-Version: 1.4.10+dfsg.1-1 Done: Guilhem Moulin <[email protected]> We believe that the bug you reported is fixed in the latest version of roundcube, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin <[email protected]> (supplier of updated roundcube package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 28 Dec 2020 01:33:45 +0100 Source: roundcube Architecture: source Version: 1.4.10+dfsg.1-1 Distribution: unstable Urgency: high Maintainer: Debian Roundcube Maintainers <[email protected]> Changed-By: Guilhem Moulin <[email protected]> Closes: 978069 978491 Changes: roundcube (1.4.10+dfsg.1-1) unstable; urgency=high . * New upstream bugfix release, including security fix for: CVE-2020-35730: Cross-site scripting (XSS) vulnerability via HTML or Plain text messages with malicious content svg/namespace. (Closes: #978491) * d/rules: Make sure to fail the build when an error is raised in a for loop. (Closes: #978069) * d/rules: Refactor and move CSS/JS generation and minification from override_dh_auto_install to override_dh_auto_build. Thanks to Jonas Smedegaard pointing this out. * Bump Standards-Version to 4.5.1 (no changes needed). * Upgrade watch file to version 4. * Rename Debian branch to debian/latest for DEP-14 compliance. * d/gbp.conf: Remove custom setting compression=xz. Checksums-Sha1: 40af6bbe6410e1da6f8d29b9cddd7a599452e14b 3108 roundcube_1.4.10+dfsg.1-1.dsc 5565ee2e76734a2ef5edb4c20c6dde95a6a819bc 128812 roundcube_1.4.10+dfsg.1.orig-tinymce-langs.tar.xz fab4edb0291d5b68c5b9347f64d057379f4b0885 888912 roundcube_1.4.10+dfsg.1.orig-tinymce.tar.xz e21e4874021bb3c61e3af53c536bdd18f2406a6a 2935948 roundcube_1.4.10+dfsg.1.orig.tar.xz 95913c9d228fc0e11edb2b9b8dd1838150534c6f 75400 roundcube_1.4.10+dfsg.1-1.debian.tar.xz ae934592535d6165d699ff4d67232e3e4e730b9d 9599 roundcube_1.4.10+dfsg.1-1_amd64.buildinfo Checksums-Sha256: 2bdcea77ff129dc06c327d7ce1d7155d6f52f07ca955fff7173eb50a8839d614 3108 roundcube_1.4.10+dfsg.1-1.dsc 56b4a1e09fa0c8e3d4de7971fcaf52951857f1779cfcf2ebcfef208f9d40c62c 128812 roundcube_1.4.10+dfsg.1.orig-tinymce-langs.tar.xz f8c8a7940f52e2b21a2f0c5aa5c15376251c7c025b0b1318d6d217f5cc5c2f3a 888912 roundcube_1.4.10+dfsg.1.orig-tinymce.tar.xz ccbc4d66f91fbf1364a86f9c6b422c882decbab05b76d2173618ce4e72d4ff5f 2935948 roundcube_1.4.10+dfsg.1.orig.tar.xz 3e0c95b034d708e0a1f73aa278fb62202b19315007368bde5748934389a9f057 75400 roundcube_1.4.10+dfsg.1-1.debian.tar.xz 7635b2c2d43025c3e2a2ad33dd502b6037d2ab68973f8ef21310f69e3d4f85a5 9599 roundcube_1.4.10+dfsg.1-1_amd64.buildinfo Files: b7de68f748a525470d08d97cd32a3c25 3108 web optional roundcube_1.4.10+dfsg.1-1.dsc 043152684335e5c4142343b4498cb000 128812 web optional roundcube_1.4.10+dfsg.1.orig-tinymce-langs.tar.xz 40e4177d55dc1c93b01e3f765beb689b 888912 web optional roundcube_1.4.10+dfsg.1.orig-tinymce.tar.xz f0772217b48101dfc0783da3a4de4663 2935948 web optional roundcube_1.4.10+dfsg.1.orig.tar.xz eadbfb95c7ca9353ecc58c46190eb4a1 75400 web optional roundcube_1.4.10+dfsg.1-1.debian.tar.xz eef8b92295e918359e4cfc28759d600e 9599 web optional roundcube_1.4.10+dfsg.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAl/pKPkACgkQ05pJnDwh pVJxlBAAzSxhr5fx7peaqZe+dxBHv8omPz+iWm/YyWoZVYpMwZdFOhzXMVoKDqpi 8jHcQQ50qYtq8E+il9UE9HrhhnphEBB3fNgnS6YxtWQbyirviX2KKJs+dHGl5L1O 3HGYd0/mCukE4o4/q/bZ1VN2CLckqiGcdXUVJcK5fAcnOuy2iQwmvbCreL1fLv1M AP7MUgOGW/B1iLAl0zbbNyX/DWV523BKl7oM7akSTdoVnO5dJRMtR2YCkoq1+DDP ro6ezRhFpzjsxVlrrhF1WoA8eLJS6SnndRqlFRPUaqd2FGrnfPPKtEqMydTdetxt oSvmVPV0SjZtnFTmBJjLWCPUBHzwRCtZ4IVlzsRshAt2rNl1RXoNpic4t5TMX6BL WjBBICIcbb/KcJCu6uZREjhhk4ZX/bu8BbXf8qHKBc9XyuphU7UwHOSfbgglZK8i qbbBr4T815NhoCJ5045g7wylUNNV/cfh2y6HHuKHwdAL7e1zPsqhLobbxyzXmchA WuYwHiwaRMMuF2vizeT3cs/fgrq2eThcmfhM+DNK/0tQ/lYNkWzXRqExbuj98QkI ySF19hscCil0yDH16JftYSDEQsdd4pLwggPGbblGdanwpxeS0Gb5dtl9eW36pYz+ +A8cfXdGSULhI0U26wi7NUpS9i17/B9qNaLWCiwU3Xr1pxINoW4= =ykMb -----END PGP SIGNATURE-----
--- End Message ---

