Advisories » MGASA-2017-0092

Updated roundcubemail package fixes security vulnerability

Publication date: 27 Mar 2017
Modification date: 27 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6820

Description

rcube_utils.php in Roundcube before 1.1.8 and before 1.2.4 is
susceptible to a cross-site scripting vulnerability via a crafted
Cascading Style Sheets (CSS) token sequence within an SVG element
(CVE-2017-6820).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20463
• http://openwall.com/lists/oss-security/2017/03/12/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6820

SRPMS

5/core

• roundcubemail-1.0.9-1.2.mga5