diff options
author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-04 11:52:31 +0100 |
---|---|---|
committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-04 11:52:31 +0100 |
commit | 77b32cb1a8bae5f25cb3f3405eaa6c1f140c9ab9 (patch) | |
tree | 0e8e141bbe14cda15539ed3141929d21d6a3bbff /english/security | |
parent | 20875373611bd9c74527220c793dfa73f807e9ee (diff) |
[SECURITY] [DSA 5572-1] roundcube security update
Diffstat (limited to 'english/security')
-rw-r--r-- | english/security/2023/dsa-5572.data | 13 | ||||
-rw-r--r-- | english/security/2023/dsa-5572.wml | 24 |
2 files changed, 37 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5572.data b/english/security/2023/dsa-5572.data new file mode 100644 index 00000000000..62f05de8761 --- /dev/null +++ b/english/security/2023/dsa-5572.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5572-1 roundcube</define-tag> +<define-tag report_date>2023-12-04</define-tag> +<define-tag secrefs>CVE-2023-47272 Bug#1055421</define-tag> +<define-tag packages>roundcube</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5572.wml b/english/security/2023/dsa-5572.wml new file mode 100644 index 00000000000..70b9ee0f0dd --- /dev/null +++ b/english/security/2023/dsa-5572.wml @@ -0,0 +1,24 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Rene Rehme discovered that roundcube, a skinnable AJAX based webmail +solution for IMAP servers, did not properly set headers when handling +attachments. This would allow an attacker to load arbitrary JavaScript +code.</p> + +<p>For the oldstable distribution (bullseye), this problem has been fixed +in version 1.4.15+dfsg.1-1~deb11u2.</p> + +<p>For the stable distribution (bookworm), this problem has been fixed in +version 1.6.5+dfsg-1~deb12u1.</p> + +<p>We recommend that you upgrade your roundcube packages.</p> + +<p>For the detailed security status of roundcube please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/roundcube">\ +https://security-tracker.debian.org/tracker/roundcube</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5572.data" +# $Id: $ |