Bug 1188201 (CVE-2015-1433) - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling
Summary: CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-1433
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1188202 1188203
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-02 10:29 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:27 UTC (History)
5 users (show)

Fixed In Version: Roundcube 1.0.5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-31 10:24:12 UTC


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-02-02 10:29:27 UTC
Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version.
Please update Debian packages, thanks.

http://roundcube.net/news/2015/01/24/security-update-1.0.5/
http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5
http://trac.roundcube.net/ticket/1490227

CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3

Comment 1 Vasyl Kaigorodov 2015-02-02 10:32:51 UTC
Created roundcubemail tracking bugs for this issue:

Affects: fedora-all [bug 1188202]
Affects: epel-all [bug 1188203]


Note You need to log in before you can comment on or make changes to this bug.