[Bug 1180399] New: VUL 0: CVE-2020-35730: roundcubemail: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content
https://bugzilla.suse.com/show_bug.cgi?id=1180399

Bug ID: 1180399
Summary: VUL 0: CVE-2020-35730: roundcubemail: cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: All
OS: openSUSE Leap 15.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: Other
Assignee: screening-team-bugs@suse.de
Reporter: lars.vogdt@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Roundcube developers released security updates to the stable version 1.4 and the LTS versions 1.3 and 1.2 of Roundcube Webmail. They all contain fixes to a recently reported stored XSS vulnerability.

https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2...

openSUSE Leap 15.1 and 15.2 contain the vulnerable 1.3.15 version.

I already updated the package in obs://server:php:applications to 1.4.10, so this should fix Tumbleweed (via SR#858985) in a few hours.

Maintenance updates for the packages in 15.1 and 15.2 will come in a few minutes.

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1180399

Lars Vogdt <lars.vogdt@suse.com> changed:

What     |Removed                     |Added
----------------------------------------------------------------------------
CC       |                            |lars.vogdt@suse.com
Assignee |screening-team-bugs@suse.de |security-team@suse.de

https://bugzilla.suse.com/show_bug.cgi?id=1180399

Lars Vogdt <lars.vogdt@suse.com> changed:

What     |Removed                     |Added
----------------------------------------------------------------------------
Found By |---                         |Development

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c1

Lars Vogdt <lars.vogdt@suse.com> changed:

What     |Removed                     |Added
----------------------------------------------------------------------------
Status   |NEW                         |IN_PROGRESS

--- Comment #1 from Lars Vogdt <lars.vogdt@suse.com> ---
Submitted fixed packages for:
* Backports SLE-15-SP1
* Backports SLE-15-SP2
* Backports SLE-15-SP3
* openSUSE Leap 15.1
* openSUSE Leap 15.2
via openSUSE:Maintenance mr#858988

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c2

--- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1180399) was mentioned in
https://build.opensuse.org/request/show/858987 Factory / roundcubemail

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c4

--- Comment #4 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2021:0931-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1180399,1187706,1187707
CVE References: CVE-2020-18670,CVE-2020-18671,CVE-2020-35730
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): roundcubemail-1.3.16-lp152.4.6.1

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c5

--- Comment #5 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2021:0942-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1180399,1187706,1187707
CVE References: CVE-2020-18670,CVE-2020-18671,CVE-2020-35730
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): roundcubemail-1.3.16-bp152.4.6.1

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c6

--- Comment #6 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2021:0943-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1180399,1187706,1187707
CVE References: CVE-2020-18670,CVE-2020-18671,CVE-2020-35730
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP1 (src): roundcubemail-1.3.16-bp151.4.6.1

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c7

--- Comment #7 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2021:0974-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1180399,1187706,1187707
CVE References: CVE-2020-18670,CVE-2020-18671,CVE-2020-35730
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): roundcubemail-1.3.16-bp152.4.14.1

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c8

--- Comment #8 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2021:1014-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1180399,1187706,1187707
CVE References: CVE-2020-18670,CVE-2020-18671,CVE-2020-35730
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): roundcubemail-1.3.16-bp152.4.18.1

https://bugzilla.suse.com/show_bug.cgi?id=1180399
https://bugzilla.suse.com/show_bug.cgi?id=1180399#c10

--- Comment #10 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10148-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1180132,1180399
CVE References: CVE-2019-10740,CVE-2020-12641,CVE-2020-16145,CVE-2020-35730
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): roundcubemail-1.5.3-bp154.2.3.1
openSUSE Backports SLE-15-SP3 (src): roundcubemail-1.5.3-bp153.2.3.1

https://bugzilla.suse.com/show_bug.cgi?id=1180399

Stoyan Manolov <stoyan.manolov@suse.com> changed:

What       |Removed                     |Added
----------------------------------------------------------------------------
Status     |IN_PROGRESS                 |RESOLVED
CC         |                            |stoyan.manolov@suse.com
Resolution |---                         |FIXED