Paketname
roundcubemail
Datum
2013-09-05
Advisory ID
MDVSA-2013:226
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Multiple vulnerabilities has been discovered and corrected in
roundcubemail:

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube
webmail before 0.9.3 allow user-assisted remote attackers to inject
arbitrary web script or HTML via the body of a message visited in (1)
new or (2) draft mode, related to compose.inc; and (3) might allow
remote authenticated users to inject arbitrary web script or HTML
via an HTML signature, related to save_identity.inc (CVE-2013-5645).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

MES5 i586

 f0c42fa2a078036a0f1d0550009f198b  mes5/i586/roundcubemail-0.7.4-0.2mdvmes5.2.noarch.rpm 
 b1ec5540765bf091ec00ccce270de99f  mes5/SRPMS/roundcubemail-0.7.4-0.2mdvmes5.2.src.rpm

MBS1 x86_64

 66fbaa494dfa537772aa0ab158fa4ac8  mbs1/x86_64/roundcubemail-0.8.6-1.1.mbs1.noarch.rpm 
 9b1adf84782aa63593914a782f834f79  mbs1/SRPMS/roundcubemail-0.8.6-1.1.mbs1.src.rpm

MES5 x86_64

 0a996d62624acabebe2b075f45983ab0  mes5/x86_64/roundcubemail-0.7.4-0.2mdvmes5.2.noarch.rpm 
 b1ec5540765bf091ec00ccce270de99f  mes5/SRPMS/roundcubemail-0.7.4-0.2mdvmes5.2.src.rpm

Referenzen