Date: Sun, 29 Mar 2015 19:43:57 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE request: XSS in roundcube before 1.1.0 Hi Hanno, On Sun, Mar 29, 2015 at 11:52:06AM +0200, Hanno Böck wrote: > http://trac.roundcube.net/wiki/Changelog > Fix XSS issue in style attribute handling (#1490227) > > Upstream Bug: > http://trac.roundcube.net/ticket/1490227 > > Commit: > http://trac.roundcube.net/changeset/786aa0725/github > > It was not mentioned in the release notes... This seem to have already a CVE: CVE-2015-1433, from http://www.openwall.com/lists/oss-security/2015/01/31/6 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ