Source: roundcube Version: 1.6.4+dfsg-1 Severity: important Control: found -1 1.6.4+dfsg-1~deb12u1 Tags: security upstream
Roundcube webmail upstream has recently released 1.6.5 which fixes the following vulnerability: * Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download. https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a AFAICT no CVE-ID has been published for this issue. -- Guilhem.
signature.asc
Description: PGP signature