Bug 1000510 - (CVE-2013-5645, CVE-2013-5646) CVE-2013-5645 CVE-2013-5646 roundcubemail: two XSS flaws fixed in 0.9.3
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20130718,repor...
Keywords: Security
Depends On: 1000511 1000512
Reported: 2013-08-23 10:35 EDT by Vincent Danen
Modified: 2016-03-04 06:13 EST
Fixed In Version: roundcubemail 0.9.3
Doc Type: Bug Fix
Last Closed: 2014-08-15 11:39:16 EDT
Description Vincent Danen 2013-08-23 10:35:56 EDT
Two XSS flaws were fixed in roundcube 0.9.3 [1]:

* Fix XSS vulnerability when saving HTML signatures [2],[3]
* Fix XSS vulnerability when editing a message "as new" or draft [2],[4]


[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
[2] http://trac.roundcube.net/ticket/1489251
[3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
[4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github
Comment 1 Vincent Danen 2013-08-23 10:37:57 EDT
Created roundcubemail tracking bugs for this issue:

Affects: fedora-all [bug 1000511]
Affects: epel-6 [bug 1000512]
