[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 855-1] roundcube security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : roundcube
Version        : 0.7.2-9+deb7u6
CVE ID         : CVE-2017-6820
Debian Bug     : 857473

Roundcube, a webmail solution for IMAP servers, was susceptible to
a cross-site-scripting (XSS) vulnerability via a crafted Cascading
Style Sheets (CSS) token sequence within an SVG element or HTML message.

For Debian 7 "Wheezy", these problems have been fixed in version
0.7.2-9+deb7u6.

We recommend that you upgrade your roundcube packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljHHXFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSNYBAAzC44HpIlY+asJnon86febmNDi/BIZXi9WoiMurZ0cNEtk9q7mQ1OXxld
uk9UHF40TyjkOqouKq4JwfV0r3qjaV4WxWcHZnOtF7H15Px4+om0nsG9OwKF4RBP
/ZNcHxMl+W7BIpZVf4bFhxVMjqRojwmOodLRU87ATjnsPrAdmeFb6/4B0M+z0EGT
dtO8INPbWzp5AU2mIB7oBYBpv0B1LMpacGHuJmZSmj/U7cxoTobTP482gA2Qo8Rj
K96z3USkiw2d5Ji9a4zY52h3LEaDcCRQfrDEum3VUfEOKyJSdGkYg4ZFcnM0vJYB
WFqP+pEtkmPdvse/acWRZPYDzuy3b3JpNYknHeRfdjxk6kggDCsBPIiLp/6vPmEb
lLgSYE0Io1Tf00XeooD3MFssaDWy4cVEBgfUU15Eu8xn4OsXnFjBjKvxVeVAqDdR
pi6PjvYrMPllvAA8ZYBoD3jvoyzpPsIAJ1SlyOQiAiJrFhgTNSO1FqZJf+kY2DHo
ZFW70HJdYTQ4dujZi9RvaWVEZiEvecu2EHrWkO4vyCre+q3hUbLxG5cIfiWoscYD
j1koRHSDN4newSdqGeFC/4xX2E+GxBZ/V92uffnzbqymKbweMPNfHhmxaraXaRyb
EANS4quF1S7GhHl0ofQtcSZaFHrAWNfwE6Dm0ZzPLT9uLWCrkEs=
=1oua
-----END PGP SIGNATURE-----


Reply to: