Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 762136 (CVE-2020-35730) - <mail-client/roundcube-1.4.10: XSS vulnerability (CVE-2020-35730)
Summary: <mail-client/roundcube-1.4.10: XSS vulnerability (CVE-2020-35730)
Status: RESOLVED FIXED
Alias: CVE-2020-35730
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://roundcube.net/news/2020/12/27...
Whiteboard: B4 [noglsa]
Keywords: ALLARCHES, CC-ARCHES
Depends on:
Blocks:
 
Reported: 2020-12-28 04:20 UTC by Sam James
Modified: 2021-02-27 10:49 UTC (History)
3 users (show)

See Also:
Package list:
mail-client/roundcube-1.4.10
Runtime testing required: ---
nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-28 04:20:52 UTC 
"Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content"
Comment 1 Larry the Git Cow gentoo-dev 2020-12-31 14:21:11 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e43de3d362f1052d814e2a387288f5586557976

commit 4e43de3d362f1052d814e2a387288f5586557976
Author:     Craig Andrews <candrews@gentoo.org>
AuthorDate: 2020-12-31 14:02:07 +0000
Commit:     Craig Andrews <candrews@gentoo.org>
CommitDate: 2020-12-31 14:21:06 +0000

    mail-client/roundcube: 1.4.10 version bump
    
    Bug: https://bugs.gentoo.org/762136
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Craig Andrews <candrews@gentoo.org>

 mail-client/roundcube/Manifest                |  1 +
 mail-client/roundcube/roundcube-1.4.10.ebuild | 96 +++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-31 18:06:01 UTC 
Thank you! Please proceed with stabilization when ready.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-08 10:36:52 UTC 
amd64 arm ppc ppc64 sparc x86 (ALLARCHES) done

all arches done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-08 10:37:11 UTC 
Please cleanup, thanks!
Comment 5 NATTkA bot gentoo-dev 2021-02-27 10:49:12 UTC 
Unable to check for sanity:

> no match for package: mail-client/roundcube-1.4.10
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-27 10:49:53 UTC 
Thank you! All done. :)