Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 23 Apr 2016 17:03:50 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: CVE Request: Roundcube: XSS issue in SVG image handling and
 protection for download urs against CSRF


Roundcube recently released new versions:

There are at least the following two fixes:

Fix XSS issue in SVG images handling (#4949):

Upstream issue:

Fix for master branch:

Fix for 1.1 branch:

Protect download urls against CSRF using unique request tokens (#4957):

Upstrema issue:

Fix for master branch:

Fix for the 1.1 brach:

Could you assign CVEs for those issues?


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ