Bug 27883

Summary: roundcubemail security issue CVE-2020-16145
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-16145
Whiteboard:
Source RPM: roundcubemail-1.3.15-1.mga7.src CVE: CVE-2020-16145
Status comment:

Description Zombie Ryushu 2020-12-20 06:57:38 CET 
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
Zombie Ryushu 2020-12-20 06:57:58 CET

CVE: (none) => CVE-2020-16145

Comment 1 David Walser 2020-12-20 14:23:58 CET 
Already reported and FIXED!

*** This bug has been marked as a duplicate of bug 27079 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE