Cross-Site Scripting in roundcubemail
ID: | FEDORA-2021-73359af51c |
Distribution: | Fedora |
Plattformen: | Fedora 33 |
Datum: | Mi, 13. Januar 2021, 07:08 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730 |
Applikationen: | RoundCube Webmail |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-73359af51c 2021-01-13 01:58:21.870718 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 33 Version : 1.4.10 Release : 1.fc33 URL : http://www.roundcube.net Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: **RELEASE 1.4.10** - Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) - Fix folder list issue whan special folder is a subfolder (#7647) - Fix Elastic's folder subscription toggle in search result (#7653) - Fix state of subscription toggle on folders list after changing folder state from the search result (#7653) - **Security**: Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [**CVE-2020-35730**] -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 4 2021 Remi Collet |