Hi Roberto,
On Tue, 11 Aug 2020 at 14:57:15 -0400, Roberto C. Sánchez wrote:
>>> Dear security team,
Should have been LTS team of course, bad templating from my side :-P
>> I'll take care of it shortly.
>>
> I have uploaded the updated, published the DLA to the mailing list and
> submitted a
On Tue, Aug 11, 2020 at 01:40:48PM -0400, Roberto C. Sánchez wrote:
> On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote:
> > Dear security team,
> >
> > In a recent post roundcube webmail upstream has announced the following
> > security fix for #968216:
> >
> > Cross-site
On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote:
> Dear security team,
>
> In a recent post roundcube webmail upstream has announced the following
> security fix for #968216:
>
> Cross-site scripting (XSS) via HTML messages with malicious SVG
> or math content
Dear security team,
In a recent post roundcube webmail upstream has announced the following
security fix for #968216:
Cross-site scripting (XSS) via HTML messages with malicious SVG
or math content (CVE-2020-16145)
AFAICT CVE-2020-16145 is only about SVG not math, but the upstream