Your message dated Tue, 29 Dec 2020 19:32:11 +0000
with message-id <[email protected]>
and subject line Bug#978491: fixed in roundcube 1.3.16+dfsg.1-1~deb10u1
has caused the Debian Bug report #978491,
regarding roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or 
plaintext messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
978491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: roundcube
Severity: important
Tags: security
Control: found -1 1.4.9+dfsg.1-1
Control: found -1 1.3.15+dfsg.1-1~deb10u1
Control: found -1 1.2.3+dfsg.1-4+deb9u7

In a recent post roundcube webmail upstream has announced the following
security fix:

    Cross-site scripting (XSS) via HTML or Plain text messages with
    malicious content (CVE-2020-35730)

1.2.x, 1.3.x and 1.4.x branches are affected.  Upstream fix:

    1.4.x 
https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d
    1.3.x 
https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e
    1.2.x 
https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4

-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: roundcube
Source-Version: 1.3.16+dfsg.1-1~deb10u1
Done: Guilhem Moulin <[email protected]>

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Dec 2020 02:49:49 +0100
Source: roundcube
Architecture: source
Version: 1.3.16+dfsg.1-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Roundcube Maintainers 
<[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 978491
Changes:
 roundcube (1.3.16+dfsg.1-1~deb10u1) buster-security; urgency=high
 .
   * New upstream bugfix release, with security fix for CVE-2020-35730:
     Cross-site scripting (XSS) vulnerability via HTML or Plain text messages
     with malicious content svg/namespace. (Closes: #978491)
   * Revert upstream commit 435cfa116 to avoid irrelevant jstz update.
Checksums-Sha1:
 357cc65b1f4ef6bfc6038bf2ee38c5691034496b 2487 
roundcube_1.3.16+dfsg.1-1~deb10u1.dsc
 fc6be87bfe587295cc0e2e1a9a3d749124a0dba4 2194236 
roundcube_1.3.16+dfsg.1.orig.tar.xz
 4e221bfe79b2d5fd1544d6f5e722ce25b1d5dbae 3055912 
roundcube_1.3.16+dfsg.1-1~deb10u1.debian.tar.xz
 fa5adcf00cc6021e6c076b629fc9107917105ed6 9465 
roundcube_1.3.16+dfsg.1-1~deb10u1_amd64.buildinfo
Checksums-Sha256:
 23ff645aaaaa00024c251b383798c7176eac9007eaf9a6470798e2df4a9b61e3 2487 
roundcube_1.3.16+dfsg.1-1~deb10u1.dsc
 bdedcef77669267a2cae22021c652ee21d05d953287ee6986cd6e4f8e7c96d21 2194236 
roundcube_1.3.16+dfsg.1.orig.tar.xz
 cef93f449632719c688499b3d7a698483a2574735c44a799a464bfd762f99934 3055912 
roundcube_1.3.16+dfsg.1-1~deb10u1.debian.tar.xz
 9b8f37bbf1db5f679af66191c9f231836abe94b52c06018452b23041da2b5a50 9465 
roundcube_1.3.16+dfsg.1-1~deb10u1_amd64.buildinfo
Files:
 62ec16053573d040d2ea109cea228b95 2487 web optional 
roundcube_1.3.16+dfsg.1-1~deb10u1.dsc
 7ae59502715a5199831b1a2d6e5149ed 2194236 web optional 
roundcube_1.3.16+dfsg.1.orig.tar.xz
 803670bdfbe87e1125264f59a5ba876b 3055912 web optional 
roundcube_1.3.16+dfsg.1-1~deb10u1.debian.tar.xz
 8feefa761bcd44437e336f810df086aa 9465 web optional 
roundcube_1.3.16+dfsg.1-1~deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAl/pRVcACgkQ05pJnDwh
pVJvGBAAxaHQZNTRG17jtnn/5CqgklVCKtfrb5Xkg90OQpi/kEeoDlUvJ5KwEhYi
s+PYpYa5oK4jXyadiD6qZvGbxou31igRaz+hc/tzTWgWGv0H47Jn6fDmQ4TqpgCH
UUKyeSslk5EXpJbI6POt3ZsTiep4QuY+mpruaXaU9KpEpBXGwJ6EKpyZ/j3FrcSX
ngtD/vbOpJYINJ7xg56nenq3n4kXPlA3t+Ew9tAq5P5Ty9m7MY0tN75GMuyU1ZRS
YwLDEY8OPRjs6jPmALdTeLNKTb12lD+sNIhPtCSjgdAETRJBPSBXOwRvT27ZwqIU
tp+/KRaBPe6mgYFGGtNjv7spSBc4Z2RUtvhCjiZdEDB5bxe6oJPEs/DEdhr0w+UY
rKJONAlDBsXHY01ygSy6Slpd0BxBykbLQXIMYk8pMcdg7ejPvhNuuHL+/RFc+Eoe
L2Jk2RzC2FAxQreWYeiTSEAH7FSBp9bRXqf7VpcL9EJiPhUreYm83m25fGNeHqMP
ttkRc9u5uuaB4dGkCw9IcQy5V9xZMor7h/mnyepVUNRVe0nLhmKKkZBVrv/jP4Gy
J3tvYh22RrIDV4XQt4jZpaosSNrF9Cs4AH4PYmM5Vak2ulU5OX5eX10hVgHxrOVE
GQj4fgf7d2CkGtRKsj2s+4Xs69kYWlb/ptQDLC+xsPd7oAhoRWU=
=jFFq
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to