Bug 1000510 (CVE-2013-5645, CVE-2013-5646) - CVE-2013-5645 CVE-2013-5646 roundcubemail: two XSS flaws fixed in 0.9.3
Summary: CVE-2013-5645 CVE-2013-5646 roundcubemail: two XSS flaws fixed in 0.9.3
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-5645, CVE-2013-5646
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1000511 1000512
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-23 14:35 UTC by Vincent Danen
Modified: 2019-09-29 13:07 UTC (History)
4 users (show)

Fixed In Version: roundcubemail 0.9.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-15 15:39:16 UTC


Attachments (Terms of Use)

Description Vincent Danen 2013-08-23 14:35:56 UTC
Two XSS flaws were fixed in roundcube 0.9.3 [1]:

* Fix XSS vulnerability when saving HTML signatures [2],[3]
* Fix XSS vulnerability when editing a message "as new" or draft [2],[4]


[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
[2] http://trac.roundcube.net/ticket/1489251
[3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
[4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github

Comment 1 Vincent Danen 2013-08-23 14:37:57 UTC
Created roundcubemail tracking bugs for this issue:

Affects: fedora-all [bug 1000511]
Affects: epel-6 [bug 1000512]


Note You need to log in before you can comment on or make changes to this bug.