https://bugzilla.suse.com/show_bug.cgi?id=1180399 Bug ID: 1180399 Summary: VUL 0: CVE-2020-35730: roundcubemail: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: All OS: openSUSE Leap 15.2 Status: NEW Severity: Major Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: lars.vogdt@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Roundcube developers released security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability. https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2... openSUSE Leap 15.1 and 15.2 contain the vulnerable 1.3.15 version. I already updated the package in obs://server:php:applications to 1.4.10, so this should fix Tumbleweed (via SR#858985) in a few hours. Maintenance updates for the packages in 15.1 and 15.2 will come in a few minutes. -- You are receiving this mail because: You are on the CC list for the bug.