| Summary: | roundcube: security update 1.6.4 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Marc Krämer <mageia> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | marja11 |
| Version: | 9 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | roundcube | CVE: | CVE-2023-5631 |
| Status comment: | |||
|
Description
Marc Krämer
2023-10-27 01:33:54 CEST
Marc Krämer
2023-10-27 01:34:14 CEST
CVE:
(none) =>
CVE-2023-5631 Updated roundcubemail fix vulnerability. Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages. References: https://roundcube.net/news/2023/10/16/security-update-1.6.4-released https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631 ======================== Updated packages in core/updates_testing: ======================== roundcubemail-1.6.4-1.mga9.noarch.rpm SRPM: roundcubemail-1.6.4-1.mga9.src.rpm Assignee:
mageia =>
qa-bugs Advisory from comment 1 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete" CC:
(none) =>
marja11 Setting this report to depend on 32493, because that later roundcubemail update landed in updates_testing, and this one is gone. Depends on:
(none) =>
32493
Marja Van Waes
2023-11-05 22:50:41 CET
Depends on:
32493 =>
(none) Closing as OLD because there is already bug 32493 for a newer roundcubemail package Resolution:
(none) =>
OLD Improper resolution. Typically we'd just leave this blocked and mark it fixed when the other one is. Marking as a dup which will also maintain the linkage between the two bugs. *** This bug has been marked as a duplicate of bug 32493 *** Resolution:
OLD =>
DUPLICATE |