916274 – (CVE-2023-5631) <mail-client/roundcube-{1.5.5,1.6.4}: XSS vulnerability

Bug 916274 (CVE-2023-5631) - <mail-client/roundcube-{1.5.5,1.6.4}: XSS vulnerability

Summary: <mail-client/roundcube-{1.5.5,1.6.4}: XSS vulnerability

Status:	IN_PROGRESS

Alias:	CVE-2023-5631

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [glsa? cleanup]
Keywords:	SECURITY

Duplicates (1):	916297 (view as bug list)
Depends on:	916373
Blocks:
	Show dependency tree

Reported:	2023-10-25 20:46 UTC by Nico Baggus
Modified:	2023-12-11 10:40 UTC (History)
CC List:	6 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nico Baggus 2023-10-25 20:46:48 UTC

CVE-2023-5631

https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/

Reproducible: Always

Actual Results:  
current versions not available.

Comment 1 Hans de Graaff gentoo-dev

2023-10-26 05:07:40 UTC

"2023-10-16: The Roundcube team released security updates to address the vulnerability (1.6.4, 1.5.5, and 1.4.15).:

Comment 2 Hans de Graaff gentoo-dev

2023-10-26 12:24:57 UTC

*** Bug 916297 has been marked as a duplicate of this bug. ***