Your message dated Tue, 29 Dec 2020 19:32:11 +0000 with message-id <[email protected]> and subject line Bug#978491: fixed in roundcube 1.3.16+dfsg.1-1~deb10u1 has caused the Debian Bug report #978491, regarding roundcube: CVE-2020-35730: XSS vulnerability via malious HTML or plaintext messages to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 978491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: roundcube Severity: important Tags: security Control: found -1 1.4.9+dfsg.1-1 Control: found -1 1.3.15+dfsg.1-1~deb10u1 Control: found -1 1.2.3+dfsg.1-4+deb9u7 In a recent post roundcube webmail upstream has announced the following security fix: Cross-site scripting (XSS) via HTML or Plain text messages with malicious content (CVE-2020-35730) 1.2.x, 1.3.x and 1.4.x branches are affected. Upstream fix: 1.4.x https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d 1.3.x https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e 1.2.x https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4 -- Guilhem.
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: roundcube Source-Version: 1.3.16+dfsg.1-1~deb10u1 Done: Guilhem Moulin <[email protected]> We believe that the bug you reported is fixed in the latest version of roundcube, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin <[email protected]> (supplier of updated roundcube package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 28 Dec 2020 02:49:49 +0100 Source: roundcube Architecture: source Version: 1.3.16+dfsg.1-1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Roundcube Maintainers <[email protected]> Changed-By: Guilhem Moulin <[email protected]> Closes: 978491 Changes: roundcube (1.3.16+dfsg.1-1~deb10u1) buster-security; urgency=high . * New upstream bugfix release, with security fix for CVE-2020-35730: Cross-site scripting (XSS) vulnerability via HTML or Plain text messages with malicious content svg/namespace. (Closes: #978491) * Revert upstream commit 435cfa116 to avoid irrelevant jstz update. Checksums-Sha1: 357cc65b1f4ef6bfc6038bf2ee38c5691034496b 2487 roundcube_1.3.16+dfsg.1-1~deb10u1.dsc fc6be87bfe587295cc0e2e1a9a3d749124a0dba4 2194236 roundcube_1.3.16+dfsg.1.orig.tar.xz 4e221bfe79b2d5fd1544d6f5e722ce25b1d5dbae 3055912 roundcube_1.3.16+dfsg.1-1~deb10u1.debian.tar.xz fa5adcf00cc6021e6c076b629fc9107917105ed6 9465 roundcube_1.3.16+dfsg.1-1~deb10u1_amd64.buildinfo Checksums-Sha256: 23ff645aaaaa00024c251b383798c7176eac9007eaf9a6470798e2df4a9b61e3 2487 roundcube_1.3.16+dfsg.1-1~deb10u1.dsc bdedcef77669267a2cae22021c652ee21d05d953287ee6986cd6e4f8e7c96d21 2194236 roundcube_1.3.16+dfsg.1.orig.tar.xz cef93f449632719c688499b3d7a698483a2574735c44a799a464bfd762f99934 3055912 roundcube_1.3.16+dfsg.1-1~deb10u1.debian.tar.xz 9b8f37bbf1db5f679af66191c9f231836abe94b52c06018452b23041da2b5a50 9465 roundcube_1.3.16+dfsg.1-1~deb10u1_amd64.buildinfo Files: 62ec16053573d040d2ea109cea228b95 2487 web optional roundcube_1.3.16+dfsg.1-1~deb10u1.dsc 7ae59502715a5199831b1a2d6e5149ed 2194236 web optional roundcube_1.3.16+dfsg.1.orig.tar.xz 803670bdfbe87e1125264f59a5ba876b 3055912 web optional roundcube_1.3.16+dfsg.1-1~deb10u1.debian.tar.xz 8feefa761bcd44437e336f810df086aa 9465 web optional roundcube_1.3.16+dfsg.1-1~deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAl/pRVcACgkQ05pJnDwh pVJvGBAAxaHQZNTRG17jtnn/5CqgklVCKtfrb5Xkg90OQpi/kEeoDlUvJ5KwEhYi s+PYpYa5oK4jXyadiD6qZvGbxou31igRaz+hc/tzTWgWGv0H47Jn6fDmQ4TqpgCH UUKyeSslk5EXpJbI6POt3ZsTiep4QuY+mpruaXaU9KpEpBXGwJ6EKpyZ/j3FrcSX ngtD/vbOpJYINJ7xg56nenq3n4kXPlA3t+Ew9tAq5P5Ty9m7MY0tN75GMuyU1ZRS YwLDEY8OPRjs6jPmALdTeLNKTb12lD+sNIhPtCSjgdAETRJBPSBXOwRvT27ZwqIU tp+/KRaBPe6mgYFGGtNjv7spSBc4Z2RUtvhCjiZdEDB5bxe6oJPEs/DEdhr0w+UY rKJONAlDBsXHY01ygSy6Slpd0BxBykbLQXIMYk8pMcdg7ejPvhNuuHL+/RFc+Eoe L2Jk2RzC2FAxQreWYeiTSEAH7FSBp9bRXqf7VpcL9EJiPhUreYm83m25fGNeHqMP ttkRc9u5uuaB4dGkCw9IcQy5V9xZMor7h/mnyepVUNRVe0nLhmKKkZBVrv/jP4Gy J3tvYh22RrIDV4XQt4jZpaosSNrF9Cs4AH4PYmM5Vak2ulU5OX5eX10hVgHxrOVE GQj4fgf7d2CkGtRKsj2s+4Xs69kYWlb/ptQDLC+xsPd7oAhoRWU= =jFFq -----END PGP SIGNATURE-----
--- End Message ---

