Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#69131 - [roundcubemail] [Security] cross-site scripting (CVE-2020-35730)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Monday, 28 December 2020, 08:46 GMT
Last edited by Jonas Witschel (diabonas) - Wednesday, 30 December 2020, 11:17 GMT
Opened by Jonas Witschel (diabonas) - Monday, 28 December 2020, 08:46 GMT
Last edited by Jonas Witschel (diabonas) - Wednesday, 30 December 2020, 11:17 GMT
|
DetailsSummary
======= The package roundcubemail is vulnerable to cross-site scripting via CVE-2020-35730. Guidance ======== Upgrading to the latest stable release 1.4.10 fixes the issue. References ========== https://security.archlinux.org/AVG-1388 https://github.com/roundcube/roundcubemail/releases/tag/1.4.10 https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d |
This task depends upon
Closed by Jonas Witschel (diabonas)
Wednesday, 30 December 2020, 11:17 GMT
Reason for closing: Fixed
Additional comments about closing: roundcubemail 1.4.10-1
Wednesday, 30 December 2020, 11:17 GMT
Reason for closing: Fixed
Additional comments about closing: roundcubemail 1.4.10-1