Mailinglist Archive: opensuse-bugs (3354 mails)

< Previous Next >
[Bug 982003] New: VUL-0: CVE-2016-5103: roundcube: XSS vulnerability in mail content page
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 27 May 2016 12:23:49 +0000
  • Message-id: <bug-982003-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=982003


Bug ID: 982003
Summary: VUL-0: CVE-2016-5103: roundcube: XSS vulnerability in
mail content page
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: nix@xxxxxxxxxxxx
Reporter: abergmann@xxxxxxxx
QA Contact: qa-bugs@xxxxxxx
CC: aj@xxxxxxxxxxx, lrupp@xxxxxxxx, wolfgang@xxxxxxxxxxxxx
Found By: Security Response Team
Blocker: ---

rh#1339654

A 1.2.0 release of roundcubemail fixed an XSS vulnerability in href attribute
on area tag.

External references:

https://github.com/roundcube/roundcubemail/issues/5240

Upstream fix:

https://github.com/roundcube/roundcubemail/pull/5241

CVE assignment:

http://seclists.org/oss-sec/2016/q2/414

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1339654
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5103
http://seclists.org/oss-sec/2016/q2/414

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups