Description: "Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks." No fix upstream yet: https://github.com/roundcube/roundcubemail/issues/6891
Figured I'd mention that titanofold removed <mail-client/roundcube-1.3.11 on Jul 23, 2020/07/23 in [1]. So this has been "fixed". [1] https://github.com/gentoo/gentoo/commit/637bca0e8feef63e8d6578d81bf342ac1d8e1e65#diff-b5ae4bfcb2dce94d36eeba44230d3e1bc8e0b9212d774369dbfd89dae975df29
(In reply to Philippe Chaintreuil from comment #1) > Figured I'd mention that titanofold removed <mail-client/roundcube-1.3.11 on > Jul 23, 2020/07/23 in [1]. So this has been "fixed". > > [1] > https://github.com/gentoo/gentoo/commit/ > 637bca0e8feef63e8d6578d81bf342ac1d8e1e65#diff- > b5ae4bfcb2dce94d36eeba44230d3e1bc8e0b9212d774369dbfd89dae975df29 Where's the fix upstream? It doesn't look like the upstream issue has been resovled.
(In reply to John Helmert III from comment #2) > (In reply to Philippe Chaintreuil from comment #1) > > Figured I'd mention that titanofold removed <mail-client/roundcube-1.3.11 on > > Jul 23, 2020/07/23 in [1]. So this has been "fixed". > > > > [1] > > https://github.com/gentoo/gentoo/commit/ > > 637bca0e8feef63e8d6578d81bf342ac1d8e1e65#diff- > > b5ae4bfcb2dce94d36eeba44230d3e1bc8e0b9212d774369dbfd89dae975df29 > > Where's the fix upstream? It doesn't look like the upstream issue has been > resovled. https://github.com/roundcube/roundcubemail/commit/b913d2fbdef8c351273ee12e307405e04eb0d550 ... so it should be fixed in 1.5.0.
Please cleanup