diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-19 08:27:41 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-19 08:27:41 +0100 |
commit | 8de7e8113565b6022f24f94923e792e550d55120 (patch) | |
tree | 1877b4d1d794a3c6240233bf5ee20ddc79b6689a | |
parent | f97af28ff771f4ac3fe2ec9f61965d022a855e34 (diff) |
CVEs for roundcube assigned: CVE-2021-44025 and CVE-2021-44026
-rw-r--r-- | data/CVE/list.2021 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index b7fb5f10d5..699e2cff4c 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -42,12 +42,12 @@ CVE-2021-3976 RESERVED CVE-2021-3975 RESERVED -CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning] +CVE-2021-44025 [XSS issue in handling attachment filename extension in mimetype mismatch warning] - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/issues/8193 NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17) -CVE-2021-XXXX [SQL injection via some session variables] +CVE-2021-44026 [SQL injection via some session variables] - roundcube 1.5.0+dfsg.1-1 (bug #1000156) NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12) NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17) |