Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 916274 (CVE-2023-5631)

Summary: <mail-client/roundcube-{1.5.5,1.6.4}: XSS vulnerability
Product: Gentoo Linux Reporter: Nico Baggus <mlspamcb>
Component: Current packagesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: major CC: bugs.gentoo.org, candrews, gentoo_bugs_peep, jstein, titanofold, web-apps
Priority: Normal Keywords: SECURITY
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 916373    
Bug Blocks:    

Description Nico Baggus 2023-10-25 20:46:48 UTC 
CVE-2023-5631

https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/

Reproducible: Always

Actual Results:  
current versions not available.
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-26 05:07:40 UTC 
"2023-10-16: The Roundcube team released security updates to address the vulnerability (1.6.4, 1.5.5, and 1.4.15).:
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-26 12:24:57 UTC 
*** Bug 916297 has been marked as a duplicate of this bug. ***