[ubuntu/mantic-security] roundcube 1.6.2+dfsg-1ubuntu0.2 (Accepted)
Allen Huang
allen.huang at canonical.com
Tue Jun 25 16:32:51 UTC 2024
roundcube (1.6.2+dfsg-1ubuntu0.2) mantic-security; urgency=medium
* SECURITY UPDATE: Cross-site Scripting
- debian/patches/CVE-2023-47272.patch: Fix cross-site scripting
(XSS) vulnerability in setting Content-Type/Content-Disposition for
attachment preview/download
- debian/patches/CVE-2023-5631.patch: Fix cross-site scripting (XSS)
vulnerability in handling of SVG in HTML messages (#9168)
- debian/patches/CVE-2024-37383.patch: Fix cross-site scripting
(XSS) vulnerability in handling SVG animate attributes
- debian/patches/CVE-2024-37384.patch: Fix cross-site scripting
(XSS) vulnerability in handling list columns from user preferences
MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-
Transfer-Encoding: 8bit
- CVE-2023-47272
- CVE-2023-5631
- CVE-2024-37383
- CVE-2024-37384
Date: 2024-06-25 10:30:11.266001+00:00
Changed-By: Allen Huang <allen.huang at canonical.com>
https://launchpad.net/ubuntu/+source/roundcube/1.6.2+dfsg-1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list