Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 257956 (CVE-2009-0413)

Summary: <=mail-client/roundcube-0.2 XSS vulnerability (CVE-2009-0413)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: hollow, tanstaafl, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://trac.roundcube.net/changeset/2245
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-02-06 22:00:36 UTC 
CVE-2009-0413 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0413):
  Cross-site scripting (XSS) vulnerability in RoundCube Webmail
  (roundcubemail) 0.2 stable allows remote attackers to inject
  arbitrary web script or HTML via the background attribute embedded in
  an HTML e-mail message.
Comment 1 tanstaafl@libertytrek.org 2009-03-11 11:45:08 UTC 
0.2.1 has been released with a LOT of bug fixes...

version bump? :)

http://sourceforge.net/forum/forum.php?forum_id=927958
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-04-23 17:15:41 UTC 
Thanks, closing noglsa as it does not have a stable version (wrong whiteboard...).