Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 538352 (CVE-2015-1433) - <mail-client/roundcube-1.0.5: XSS (CVE-2015-1433)
Summary: <mail-client/roundcube-1.0.5: XSS (CVE-2015-1433)
Alias: CVE-2015-1433
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on:
Reported: 2015-01-31 14:25 UTC by Agostino Sarubbo
Modified: 2015-03-07 07:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-01-31 14:25:03 UTC
From ${URL} :

Fix XSS issue in style attribute handling (#1490227)

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2015-02-24 06:00:55 UTC
Setting Dependency on Bug #534766 for cleanup

No GLSA for Cross Site Scripting.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-02-24 06:03:21 UTC
CVE-2015-1433 (
  program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not
  properly quote strings, which allows remote attackers to conduct cross-site
  scripting (XSS) attacks via the style attribute in an email.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-03-07 07:00:08 UTC
Maintainer(s), Thank you for cleanup!

Closing noglsa.