Bug 769623 (CVE-2021-26925)

Summary: <mail-client/roundcube-1.4.11: XSS vulnerability (CVE-2021-26925)
Product: Gentoo Security
Reporter: Philippe Chaintreuil <gentoo_bugs_2_peep>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: candrews, titanofold, web-apps
Priority: Normal
Keywords: ALLARCHES
Version: unspecified
Flags: nattka: sanity-check+
Hardware: All
OS: Linux
Whiteboard: B4 [noglsa]
Package list:
mail-client/roundcube-1.4.11 amd64 arm ppc ppc64 sparc x86
Runtime testing required: No

Description Philippe Chaintreuil 2021-02-08 22:32:55 UTC
Roundcube 1.4.11 has been released.  It fixes an XSS bug.

Announcement: https://roundcube.net/news/2021/02/08/security-update-1.4.11
Changelog: https://github.com/roundcube/roundcubemail/releases/tag/1.4.11

Reproducible: Always
Comment 1 Andreas Sturmlechner gentoo-dev 2021-02-08 22:37:23 UTC
You're late, see commit 304a04be7c684287a2ef2a03969d5dc7c7f5bf77. ;)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-09 09:45:32 UTC
Tell us when ready to stable.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-24 21:10:29 UTC
ping
Comment 5 Philippe Chaintreuil 2021-02-25 01:01:11 UTC
Just as a data point, I've been running 1.4.11 since Feb 8th without an issue.  (But I'm not the maintainer.)
Comment 6 Aaron W. Swenson gentoo-dev 2021-02-25 14:30:04 UTC
Please stabilize the following target:
=mail-client/roundcube-1.4.11 ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-27 10:08:00 UTC
amd64 arm ppc ppc64 sparc x86 (ALLARCHES) done

all arches done
Comment 8 Larry the Git Cow gentoo-dev 2021-02-27 10:44:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5f856ca212bcdbe2096375e922030ab2e65965e

commit d5f856ca212bcdbe2096375e922030ab2e65965e
Author:     Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2021-02-27 10:40:27 +0000
Commit:     Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2021-02-27 10:44:04 +0000

    mail-client/roundcube: Cleanup
    
    Bug: https://bugs.gentoo.org/769623
    Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

 mail-client/roundcube/Manifest                |  2 -
 mail-client/roundcube/roundcube-1.4.10.ebuild | 96 ---------------------------
 mail-client/roundcube/roundcube-1.4.8.ebuild  | 73 --------------------
 3 files changed, 171 deletions(-)
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-01 20:52:28 UTC
Thanks!