Advisories » MGASA-2020-0261

Updated roundcubemail packages fix security vulnerability

Publication date: 15 Jun 2020
Modification date: 15 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13964 , CVE-2020-13965

Description

The latest maintenance release of roundcubemail fixes some xss issues:
- Fix XSS issue in template object 'username'
- Fix cross-site scripting (XSS) via malicious XML attachment
and improves the fix for CVE-2020-12641
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26720
• https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965

SRPMS

7/core

• roundcubemail-1.3.12-1.mga7