Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
329036ef by Moritz Muehlenhoff at 2018-11-24T11:25:00Z
extend explanation for one roundcube issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1082,7 +1082,7 @@ CVE-2018-19206 (steps/mail/func.inc in Roundcube before
1.3.8 has XSS via crafte
NOTE:
https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b
(master)
CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC
integrity-protection ...)
- roundcube 1.3.8+dfsg.1-1
- [stretch] - roundcube <ignored> (Relies on properly working
php-crypt-gpg)
+ [stretch] - roundcube <ignored> (Relies on php-crypt-gpg, not in
stretch. Old version in 1.3 doesn't verify signature anyway)
NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released
NOTE: https://github.com/roundcube/roundcubemail/issues/6289
NOTE:
https://github.com/roundcube/roundcubemail/commit/94da947855329c5062ec2a7098eb86fb675aac37
(release-1.3)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/329036ef7d188561f2cb27648a1b379a9056c62a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/329036ef7d188561f2cb27648a1b379a9056c62a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
