Dear security team,

In a recent post roundcube webmail upstream has announced the following
security fix for #968216:

Cross-site scripting (XSS) via HTML messages with malicious SVG
or math content (CVE-2020-16145)

AFAICT CVE-2020-16145 is only about SVG not math, but the upstream
commit

On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote:
> Dear security team,
>
> In a recent post roundcube webmail upstream has announced the following
> security fix for #968216:
>
> Cross-site scripting (XSS) via HTML messages with malicious SVG
> or math content (CVE-2020-161

On Tue, Aug 11, 2020 at 01:40:48PM -0400, Roberto C. Sánchez wrote:
> On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote:
> > Dear security team,
> >
> > In a recent post roundcube webmail upstream has announced the following
> > security fix for #968216:
> >
> > Cross-site script

Hi Roberto,
On Tue, 11 Aug 2020 at 14:57:15 -0400, Roberto C. Sánchez wrote:
>>> Dear security team,
Should have been LTS team of course, bad templating from my side :-P
>> I'll take care of it shortly.
>>
> I have uploaded the updated, published the DLA to the mailing list and
> submitted a Sa

I am seriously thinking that slirp from unstable should be ported as is
from sid to buster and stretch. This is not a new upstream version, it
has bug fixes and security updates only. Probably the same changes I
would have to make myself in fact. Such as replacing sprintf calls with
snprintf calls

On Wed, Aug 12, 2020 at 08:55:43AM +1000, Brian May wrote:
> I am seriously thinking that slirp from unstable should be ported as is
> from sid to buster and stretch. This is not a new upstream version, it
> has bug fixes and security updates only. Probably the same changes I
> would have to make m

How do I unenroll from deb 8 lts, now that I have upgraded the box to deb
10?

On Tue, Aug 11, 2020 at 3:38 AM Adrian Bunk wrote:
> Debian LTS Advisory DLA-2320