-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2878-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 12, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : roundcube Version : 1.2.3+dfsg.1-4+deb9u10 CVE ID : CVE-2021-46144 Debian Bug : 1003027 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to perform Cross-Site Scripting (XSS) attacks. For Debian 9 stretch, this problem has been fixed in version 1.2.3+dfsg.1-4+deb9u10. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/roundcube Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmHe9V0ACgkQDTl9HeUl XjBnVxAArP71IOzv70OAZk5Cfr6PQkBKy0h0xnG7qnNI4HbNtAJgl2bcgGy8qBIh Eb+QZduJZc7b0C/jMZbBcmuOkMYC6jhczM5/Z/uhb5OOFYyZ5/XBXg2AYtK5QU9f RqEzPNljiKMPc6wKZHcPnhDA2aN8HwHRvkVi8VMD9Cp+eZJ6yb1vYDvIcr/uOMdk Gla2fSSaGJeJ3koiJ3KJBnN9PshKopEgupggUj6ZGWCx+QnURTXvHnQtRHtZevSh 0PgreJSwriwsy+iwSh39nOInvi6mosT/xI1eQ1GwRp1w8s6hoGuxy1pQsnu2Nmmz OFWwILoF4fe322EAXYy8sjv5YBmpcIQQX+YOkDUzBBcSlw7/PNz8NDBnQPZ6OA5v 5adigWXVlRTz1iOALz6NiegI8/f41wEWIno25RkcqGoct2Ta/VZAF8L7hll9sQ+h RKOMNGVKhegL7g4fvJH+bdMBlhjdbXRaEyUhVkT2aQ7oqDwak3PM9YSOQmjI+qof PbhZtfC0xhRn9lgYurBePCAeD2uvfRDJMBfwagBVYd70W3mSkXSjxj0RpOfR0X1Q LIWMzMJ+pg5Bw5mZ3jm8tEZm23EjBOVTHvVngzEfhF4BkDrx00HUp0HmLIgByN2u 0UTsLkho6pGYE51BEfanoQ2EfS8olAeZsp44dYQuuciwL2rRsTw= =qqvc -----END PGP SIGNATURE-----
