Bug ID 1180399
Summary VUL 0: CVE-2020-35730: roundcubemail: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware All
OS openSUSE Leap 15.2
Status NEW
Severity Major
Priority P5 - None
Component Other
Assignee screening-team-bugs@suse.de
Reporter lars.vogdt@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Roundcube developers released security updates to the stable version 1.4 and
the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a
recently reported stored XSS vulnerability.

https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13

openSUSE Leap 15.1 and 15.2 contain the vulnerable 1.3.15 version.


I already updated the package in obs://server:php:applications to 1.4.10, so
this should fix Tumbleweed (via SR#858985) in a few hours. 

Maintenance updates for the packages in 15.1 and 15.2 will come in a few
minutes.

You are receiving this mail because: