Re: roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

2022-01-12 Thread Sylvain Beucler
Hi Guilhem, On 12/01/2022 16:07, Guilhem Moulin wrote: On Wed, 12 Jan 2022 at 15:48:51 +0100, Sylvain Beucler wrote: On 12/01/2022 14:15, Guilhem Moulin wrote: Thanks for the update. Go ahead and upload to stretch-security, and I'll publish the DLA accordingly :) Uploaded to security-master,

[SECURITY] [DLA 2878-1] roundcube security update

2022-01-12 Thread Sylvain Beucler
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2878-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin January 12, 2022

Accepted roundcube 1.2.3+dfsg.1-4+deb9u10 (source) into oldoldstable

2022-01-12 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 12 Jan 2022 12:56:32 +0100 Source: roundcube Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins Architecture: source Version: 1.2.3+dfsg.1-4+deb9u10 Distribution:

Re: roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

2022-01-12 Thread Guilhem Moulin
Hi Sylvain! On Wed, 12 Jan 2022 at 15:48:51 +0100, Sylvain Beucler wrote: > On 12/01/2022 14:15, Guilhem Moulin wrote: >> In a recent post roundcube webmail upstream has announced the following >> security fix for #1003027. >> >> CVE-2021-46144: Cross-site scripting (XSS) vulnerability via

Re: roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

2022-01-12 Thread Sylvain Beucler
Hello Guilhem, On 12/01/2022 14:15, Guilhem Moulin wrote: In a recent post roundcube webmail upstream has announced the following security fix for #1003027. CVE-2021-46144: Cross-site scripting (XSS) vulnerability via HTML messages with malicious CSS content. (Upstream only released

roundcube: CVE-2021-46144: XSS vulnerability via HTML messages with malicious CSS content

2022-01-12 Thread Guilhem Moulin
Dear LTS Team, In a recent post roundcube webmail upstream has announced the following security fix for #1003027. CVE-2021-46144: Cross-site scripting (XSS) vulnerability via HTML messages with malicious CSS content. (Upstream only released fixes for 1.4 and 1.5 LTS branches, but 1.2

Accepted gdal 2.1.2+dfsg-5+deb9u1 (source) into oldoldstable

2022-01-12 Thread Debian FTP Masters
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 12 Jan 2022 12:52:03 +0100 Source: gdal Architecture: source Version: 2.1.2+dfsg-5+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian GIS Project Changed-By: Emilio Pozuelo Monfort Changes: gdal

[SECURITY] [DLA 2877-1] gdal security update

2022-01-12 Thread Emilio Pozuelo Monfort
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian LTS Advisory DLA-2877-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 12, 2022