Control: retitle -1 roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content
Hi Guilhem, On Wed, Jan 05, 2022 at 09:19:49PM +0100, Guilhem Moulin wrote: > Hi carnil, > > On Wed, 05 Jan 2022 at 20:49:35 +0100, Salvatore Bonaccorso wrote: > > FTR, have not yet heard back on the assignment. We can wait a bit > > longer, but just wanted to say we do not necessarily need to block on > > the missing assignment if we want to release the DSA earlier. The > > issue is not that urgent though I think that we could not wait a bit > > longer. > > Thanks for the follow-up! I have the debdiff ready (modulo d/changelog) > but I agree with your assessment that the severity is not serious > enough to warrant rushing the DSA through. Let's wait a bit longer then :-) CVE-2021-46144 has been assigned for the roundcube issue. Regards, Salvatore