Package "roundcube-sqlite3"
Name: |
roundcube-sqlite3
|
Description: |
metapackage providing SQLite dependencies for RoundCube
|
Latest version: |
1.6.2+dfsg-1ubuntu0.2 |
Release: |
mantic (23.10) |
Level: |
updates |
Repository: |
universe |
Head package: |
roundcube |
Homepage: |
https://www.roundcube.net/ |
Links
Download "roundcube-sqlite3"
Other versions of "roundcube-sqlite3" in Mantic
Changelog
roundcube (1.6.2+dfsg-1ubuntu0.2) mantic-security; urgency=medium
* SECURITY UPDATE: Cross-site Scripting
- debian/patches/CVE-2023-47272.patch: Fix cross-site scripting
(XSS) vulnerability in setting Content-Type/Content-Disposition for
attachment preview/download
- debian/patches/CVE-2023-5631.patch: Fix cross-site scripting (XSS)
vulnerability in handling of SVG in HTML messages (#9168)
- debian/patches/CVE-2024-37383.patch: Fix cross-site scripting
(XSS) vulnerability in handling SVG animate attributes
- debian/patches/CVE-2024-37384.patch: Fix cross-site scripting
(XSS) vulnerability in handling list columns from user preferences
MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-
Transfer-Encoding: 8bit
- CVE-2023-47272
- CVE-2023-5631
- CVE-2024-37383
- CVE-2024-37384
-- Allen Huang <email address hidden> Thu, 20 Jun 2024 11:48:48 +0100
|
Source diff to previous version |
CVE-2023-47272 |
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or downl |
CVE-2023-5631 |
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because |
CVE-2024-37383 |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. |
CVE-2024-37384 |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. |
|
roundcube (1.6.2+dfsg-1ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2023-43770.patch: Fix cross-site scripting (XSS)
vulnerability in handling of linkrefs in plain text messages
- CVE-2023-43770
-- Nishit Majithia <email address hidden> Fri, 23 Feb 2024 10:31:46 +0530
|
CVE-2023-43770 |
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/l |
|
About
-
Send Feedback to @ubuntu_updates