Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 769623 (CVE-2021-26925) - <mail-client/roundcube-1.4.11: XSS vulnerability (CVE-2021-26925)
Summary: <mail-client/roundcube-1.4.11: XSS vulnerability (CVE-2021-26925)
Status: RESOLVED FIXED
Alias: CVE-2021-26925
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords: ALLARCHES
Depends on:
Blocks:
 
Reported: 2021-02-08 22:32 UTC by Philippe Chaintreuil
Modified: 2021-03-01 20:52 UTC (History)
3 users (show)

See Also:
Package list:
mail-client/roundcube-1.4.11 amd64 arm ppc ppc64 sparc x86
Runtime testing required: No
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philippe Chaintreuil 2021-02-08 22:32:55 UTC 
Roundcube 1.4.11 has been released.  It fixes an XSS bug.

Announcement: https://roundcube.net/news/2021/02/08/security-update-1.4.11
Changelog: https://github.com/roundcube/roundcubemail/releases/tag/1.4.11

Reproducible: Always
Comment 1 Andreas Sturmlechner gentoo-dev 2021-02-08 22:37:23 UTC 
You're late, see commit 304a04be7c684287a2ef2a03969d5dc7c7f5bf77. ;)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-09 09:45:32 UTC 
Tell us when ready to stable.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-24 21:10:29 UTC 
ping
Comment 5 Philippe Chaintreuil 2021-02-25 01:01:11 UTC 
Just as a data point, I've been running 1.4.11 since Feb 8th without an issue.  (But I'm not the maintainer.)
Comment 6 Aaron W. Swenson gentoo-dev 2021-02-25 14:30:04 UTC 
Please stabilize the following target:
=mail-client/roundcube-1.4.11 ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-27 10:08:00 UTC 
amd64 arm ppc ppc64 sparc x86 (ALLARCHES) done

all arches done
Comment 8 Larry the Git Cow gentoo-dev 2021-02-27 10:44:23 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5f856ca212bcdbe2096375e922030ab2e65965e

commit d5f856ca212bcdbe2096375e922030ab2e65965e
Author:     Aaron W. Swenson <titanofold@gentoo.org>
AuthorDate: 2021-02-27 10:40:27 +0000
Commit:     Aaron W. Swenson <titanofold@gentoo.org>
CommitDate: 2021-02-27 10:44:04 +0000

    mail-client/roundcube: Cleanup
    
    Bug: https://bugs.gentoo.org/769623
    Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org>

 mail-client/roundcube/Manifest                |  2 -
 mail-client/roundcube/roundcube-1.4.10.ebuild | 96 ---------------------------
 mail-client/roundcube/roundcube-1.4.8.ebuild  | 73 --------------------
 3 files changed, 171 deletions(-)
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-01 20:52:28 UTC 
Thanks!