An XSS vulnerability was found https://roundcube.net/news/2023/10/16/security-update-1.6.4-released
CVE: (none) => CVE-2023-5631
Updated roundcubemail fix vulnerability. Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages. References: https://roundcube.net/news/2023/10/16/security-update-1.6.4-released https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631 ======================== Updated packages in core/updates_testing: ======================== roundcubemail-1.6.4-1.mga9.noarch.rpm SRPM: roundcubemail-1.6.4-1.mga9.src.rpm
Assignee: mageia => qa-bugs
Advisory from comment 1 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
CC: (none) => marja11Keywords: (none) => advisory
Setting this report to depend on 32493, because that later roundcubemail update landed in updates_testing, and this one is gone.
Depends on: (none) => 32493
Depends on: 32493 => (none)
Closing as OLD because there is already bug 32493 for a newer roundcubemail package
Resolution: (none) => OLDStatus: NEW => RESOLVEDKeywords: advisory => (none)
Improper resolution. Typically we'd just leave this blocked and mark it fixed when the other one is. Marking as a dup which will also maintain the linkage between the two bugs. *** This bug has been marked as a duplicate of bug 32493 ***
Resolution: OLD => DUPLICATE