829408 – mail-client/roundcube-1.4.12 version bump (XSS and SQL injection fixes)

Bug 829408 - mail-client/roundcube-1.4.12 version bump (XSS and SQL injection fixes)

Summary: mail-client/roundcube-1.4.12 version bump (XSS and SQL injection fixes)

Status:	RESOLVED DUPLICATE of bug 824918

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Aaron W. Swenson

URL:	https://roundcube.net/download/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-17 08:56 UTC by Dennis Lichtenthäler
Modified:	2021-12-17 22:30 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dennis Lichtenthäler 2021-12-17 08:56:19 UTC

The changelog notes the following security fixes:

- Fix XSS issue in handling attachment filename extension in mimetype mismatch warning
- Fix possible SQL injection via some session variables


Reproducible: Always

Comment 1 Mike Gilbert gentoo-dev

2021-12-17 22:30:24 UTC


*** This bug has been marked as a duplicate of bug 824918 ***