Package: roundcube; Maintainer for roundcube is Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>; Source for roundcube is src:roundcube.
Reported by: Micah Anderson <micah@debian.org>
Date: Wed, 12 Dec 2007 03:00:01 UTC
Severity: grave
Fixed in version roundcube/0.1~rc2-6
Done: Romain Beauxis <toots@rastageeks.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>: Bug#455840; Package roundcube.
Acknowledgement sent to Micah Anderson <micah@debian.org>: New Bug report received and forwarded. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: roundcube
Severity: normal

Hi,

CVE-2007-6321 details an XSS vulnerability in Roundcube 0.1rc2 and earlier. It only affects users of IE who are using roundcube, so it may seem unimportant, but the sad fact of the matter is many people still use that browser and most people who run webmail are likely to be visited by IE users.

Please mention this CVE in any changelogs that address this issue. When a fix is available, please upload with urgency=high to speed up migration to testing. If you have any questions or need help, visit us in channel #debian-security on OFTC.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6321
Reference: BUGTRAQ:20071209 Unsanitized scripting in RoundCube webmail
Reference: http://www.securityfocus.com/archive/1/archive/1/484802/100/0/threaded
Reference: http://openmya.hacker.jp/hasegawa/security/expression.txt
Reference: XF:roundcube-email-messages-xss(38981)
Reference: URL:http://xforce.iss.net/xforce/xfdb/38981

Micah

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Severity set to `grave' from `normal'. Request was from Micah Anderson <micah@debian.org> to control@bugs.debian.org. (Fri, 28 Dec 2007 16:09:13 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>: Bug#455840; Package roundcube.
Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>: Extra info received and forwarded to list. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.
Message #12 received at 455840@bugs.debian.org:
[Message part 1 (text/plain, inline)]
OoO In the middle of the starry night of Wednesday 12 December 2007, at around 03:46, Micah Anderson <micah@debian.org> said:

> CVE-2007-6321 details an XSS vulnerability in Roundcube 0.1rc2 and
> earlier. It only affects users of IE who are using roundcube, so it may
> seem unimportant, but the sad fact of the matter is many people
> still use that browser and most people who run webmail are likely to be
> visited by IE users.

> Please mention this CVE in any changelogs that address this issue. When
> a fix is available, please upload with urgency=high to speed up
> migration to testing. If you have any questions or need help, visit us
> in channel #debian-security on OFTC.

> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6321
> Reference: BUGTRAQ:20071209 Unsanitized scripting in RoundCube webmail
> Reference: http://www.securityfocus.com/archive/1/archive/1/484802/100/0/threaded
> Reference: http://openmya.hacker.jp/hasegawa/security/expression.txt
> Reference: XF:roundcube-email-messages-xss(38981)
> Reference: URL:http://xforce.iss.net/xforce/xfdb/38981

There is a proposition from Roundcube dev here:
http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html

I have tested it with ie4linux and it seems that it is still vulnerable. Could someone else check this?

I attach the patch as well.
[ie-xss.200712131255.patch (text/x-diff, inline)]
Index: program/steps/mail/func.inc =================================================================== --- program/steps/mail/func.inc (revision 943) +++ program/steps/mail/func.inc (working copy) 
@@ -477,6 +477,85 @@ } +function rcmail_html_filter($html) + { + preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags); + + /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by + * IE as regular characters. */ + $replace = array(array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */ + 'ʀ', 'ʀ' ,/* R UNICODE IPA Extension */ + 'ɴ', 'ɴ' ,/* N UNICODE IPA Extension */ + 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ + 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */ + 'X', 'X',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */ + 'x', 'x',/* Unicode FULLWIDTH LATIN SMALL LETTER X */ + 'P', 'P',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */ + 'p', 'p',/* Unicode FULLWIDTH LATIN SMALL LETTER P */ + 'R', 'R',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */ + 'r', 'r',/* Unicode FULLWIDTH LATIN SMALL LETTER R */ + 'S', 'S',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */ + 's', 's',/* Unicode FULLWIDTH LATIN SMALL LETTER S */ + 'I', 'I',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */ + 'i', 'i',/* Unicode FULLWIDTH LATIN SMALL LETTER I */ + 'O', 'O',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */ + 'o', 'o',/* Unicode FULLWIDTH LATIN SMALL LETTER O */ + 'N', 'N',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */ + 'n', 'n',/* Unicode FULLWIDTH LATIN SMALL LETTER N */ + 'L', 'L',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */ + 'l', 'l',/* Unicode FULLWIDTH LATIN SMALL LETTER L */ + 'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */ + 'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */ + 'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */ + "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ + /* in unicode this is some Chinese char range */ + "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ + "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ + "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ + "\xEF\xBC\xB0", /* Shift 
JIS FULLWIDTH LATIN CAPITAL LETTER P */ + "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ + "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ + "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */ + "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ + "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ + "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ + "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ + "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ + "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ + "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ + "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ + "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */ + "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */ + "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */ + "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */ + "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */ + "\xCA\x9F", /* L UNICODE IPA Extension */ + "\xCA\x80", /* R UNICODE IPA Extension */ + "\xC9\xB4"), /* N UNICODE IPA Extension */ + array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x', + 'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I', + 'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l', + 'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r', + 'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n')); + if ((count($tags)>3) && (count($tags[3])>0)) + foreach ($tags[3] as $nr=>$value) + { + /* Remove comments */ + $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value); + /* Translate dangerous characters */ + $newvalue = str_replace($replace[0], $replace[1], $newvalue); + /* Rename dangerous CSS */ + $newvalue = preg_replace('/expression/i', 'expresion', $newvalue); + $newvalue = 
preg_replace('/url/i', 'urrl', $newvalue); + $newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]); + $newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]); + $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html); + } + + return $html; + } + + function rcmail_print_body($part, $safe=FALSE, $plain=FALSE) { global $IMAP, $REMOTE_OBJECTS; @@ -528,7 +607,7 @@ $body = preg_replace($remote_patterns, $remote_replaces, $body); } - return Q($body, 'show', FALSE); + return Q(rcmail_html_filter($body), 'show', FALSE); } // text/enriched
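Review bot: the `preg_match_all` at the top of `rcmail_html_filter` captures at most one attribute value per tag, because the value group (group 3) sits inside the `+`-repeated attribute group and PCRE keeps only the last iteration of a repeated group; a `style` attribute that is not the last attribute on its tag is never filtered. Match the attributes of each tag separately (a second `preg_match_all` over `$tags[1][$nr]`) and filter every value. Two smaller points in the loop: `preg_replace('/(\/\*.*\*\/)/','$2',$value)` references `$2` while the pattern has a single group (it only works because the missing reference expands to nothing; use `''`), and without the `s` modifier it does not match a comment that spans a newline. Finally, since only attribute values are visited, CSS inside a `<style>` element body is not touched at all, which fits the later report that IE7 still triggers the XSS with this patch applied.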
[Message part 3 (text/plain, inline)]
-- 
CLASS CLOWN IS NOT A PAID POSITION
CLASS CLOWN IS NOT A PAID POSITION
CLASS CLOWN IS NOT A PAID POSITION
        -+- Bart Simpson on chalkboard in episode BABF08
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>: Bug#455840; Package roundcube.
Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>: Extra info received and forwarded to list. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.
Message #17 received at 455840@bugs.debian.org:
Hi ! I have tested with a current IE7 and the XSS problem appears despite having applied the patch.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>: Bug#455840; Package roundcube.
Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>: Extra info received and forwarded to list. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.
Message #22 received at 455840@bugs.debian.org:
[Message part 1 (text/plain, inline)]
OoO At the start of the evening of Friday 28 December 2007, at around 21:45, I said:

>> I found Squirrelmail's solution. They seem to use one function for every
>> possible tag in the HTML source:
>> http://osdir.com/ml/mail.squirrelmail.cvs/2006-12/msg00031.html
>> I'll try to implement that, and/or search for more :)

> Hi Robin !

> I noticed that you have posted a patch. I have tried it but it seems
> that there is no effect. I have tried with ie6 from ie4linux and I still
> get the javascript popups. Did you try it successfully on rc2?

> I have used the test message from here:
> http://www.topolis.lt/bugtraq/expression.eml.gz

I have tried with an up-to-date IE7 and the patch provided here does not fix the issue. In fact, the source code shows there are still unsanitized strings.

I have completed the patch with a function from Squirrelmail (sq_defang). I have attached the complete patch.
[Message part 2 (application/pgp-signature, inline)]
[xss-fix.patch (text/x-diff, inline)]
--- roundcube/program/steps/mail/func.inc 2007-10-17 08:50:28.000000000 +0200 +++ roundcube/program/steps/mail/func.inc 2008-01-22 21:59:30.000000000 +0100 
@@ -481,6 +481,124 @@ return Q($out); } +/* Stolen from Squirrelmail */ +function sq_deent(&$attvalue, $regex, $hex=false){ + $ret_match = false; + preg_match_all($regex, $attvalue, $matches); + if (is_array($matches) && sizeof($matches[0]) > 0){ + $repl = Array(); + for ($i = 0; $i < sizeof($matches[0]); $i++){ + $numval = $matches[1][$i]; + if ($hex){ + $numval = hexdec($numval); + } + $repl{$matches[0][$i]} = chr($numval); + } + $attvalue = strtr($attvalue, $repl); + return true; + } else { + return false; + } +} + +/* Stolen verbatim from Squirrelmail */ +function sq_defang(&$attvalue){ + /** + * Skip this if there aren't ampersands or backslashes. + */ + if (strpos($attvalue, '&') === false + && strpos($attvalue, '\\') === false){ + return; + } + $m = false; + do { + $m = false; + $m = $m || sq_deent($attvalue, '/\�*(\d+);*/s'); + $m = $m || sq_deent($attvalue, '/\�*((\d|[a-f])+);*/si', true); + $m = $m || sq_deent($attvalue, '/\\\\(\d+)/s', true); + } while ($m == true); + $attvalue = stripslashes($attvalue); +} + +function rcmail_html_filter($html) + { + preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags); + + /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by + * IE as regular characters. 
*/ + $replace = array(array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */ + 'ʀ', 'ʀ' ,/* R UNICODE IPA Extension */ + 'ɴ', 'ɴ' ,/* N UNICODE IPA Extension */ + 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ + 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */ + 'X', 'X',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */ + 'x', 'x',/* Unicode FULLWIDTH LATIN SMALL LETTER X */ + 'P', 'P',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */ + 'p', 'p',/* Unicode FULLWIDTH LATIN SMALL LETTER P */ + 'R', 'R',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */ + 'r', 'r',/* Unicode FULLWIDTH LATIN SMALL LETTER R */ + 'S', 'S',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */ + 's', 's',/* Unicode FULLWIDTH LATIN SMALL LETTER S */ + 'I', 'I',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */ + 'i', 'i',/* Unicode FULLWIDTH LATIN SMALL LETTER I */ + 'O', 'O',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */ + 'o', 'o',/* Unicode FULLWIDTH LATIN SMALL LETTER O */ + 'N', 'N',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */ + 'n', 'n',/* Unicode FULLWIDTH LATIN SMALL LETTER N */ + 'L', 'L',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */ + 'l', 'l',/* Unicode FULLWIDTH LATIN SMALL LETTER L */ + 'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */ + 'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */ + 'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */ + "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ + /* in unicode this is some Chinese char range */ + "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ + "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ + "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ + "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */ + "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ + "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ + "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */ + "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ 
+ "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ + "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ + "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ + "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ + "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ + "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ + "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ + "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */ + "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */ + "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */ + "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */ + "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */ + "\xCA\x9F", /* L UNICODE IPA Extension */ + "\xCA\x80", /* R UNICODE IPA Extension */ + "\xC9\xB4"), /* N UNICODE IPA Extension */ + array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x', + 'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I', + 'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l', + 'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r', + 'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n')); + if ((count($tags)>3) && (count($tags[3])>0)) + foreach ($tags[3] as $nr=>$value) + { + /* Remove comments */ + $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value); + /* Translate dangerous characters */ + $newvalue = str_replace($replace[0], $replace[1], $newvalue); + sq_defang($newvalue); + /* Rename dangerous CSS */ + $newvalue = preg_replace('/expression/i', 'idiocy', $newvalue); + $newvalue = preg_replace('/url/i', 'idiocy', $newvalue); + $newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]); + $newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]); + $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, 
$html); + } + + return $html; + } + function rcmail_print_body($part, $safe=FALSE, $plain=FALSE) { @@ -533,7 +651,7 @@ $body = preg_replace($remote_patterns, $remote_replaces, $body); } - return Q($body, 'show', FALSE); + return Q(rcmail_html_filter($body), 'show', FALSE); } // text/enriched
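Review bot: `sq_defang` and the `expression`/`url` renames to `idiocy` are applied to every attribute value, not only to `style`, so a benign `href` or `title` that contains the word `expression` or `url` is silently rewritten, and `url(...)` in any inline style (background images) stops working; restrict the keyword rewrite to `style` attributes and document the `url()` breakage in the changelog. The decoding patterns in `sq_deent` read `'/\�*(\d+);*/s'` and `'/\�*((\d|[a-f])+);*/si'` in this copy, i.e. the `&#` prefix is garbled, so the patch that gets uploaded should be compared byte for byte with the Squirrelmail original. `chr($numval)` reduces any code point above 255 to a single byte, so a reference such as `&#x1234;` decodes to an unrelated byte rather than the intended character. The attribute regex inherited from the first patch still captures only the last attribute of each tag (group 3 sits inside a repeated group), which leaves the unsanitized strings the cover message mentions.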
[Message part 4 (text/plain, inline)]
There are still some unsanitized strings but IE does not trigger any alert any more. We will use this patch as a temporary fix for Roundcube Debian package unless you see a better way to handle this issue.

-- 
Treat end of file conditions in a uniform manner.
        - The Elements of Programming Style (Kernighan & Plauger)
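As an added example (not code from the bug report, from Roundcube or from Squirrelmail), the normalisation the two attached patches attempt, written in Python so that each obfuscation the thread touches on can be checked against test vectors: numeric character references decoded to a fixed point the way sq_defang loops, CSS backslash escapes, fullwidth and IPA letters folded to ASCII (NFKC covers the fullwidth part of the patch's table; the three IPA small capitals need an explicit map), and CSS comments removed before the keyword check. The function names, the `SAMPLES` inputs and the `MAX_ROUNDS` bound are this example's own assumptions; the samples are constructed and are not the test message from the thread.

```python
import re
import unicodedata

# Added example, not code from the bug report, Roundcube or Squirrelmail.
# Numeric character references, tolerating leading zeros and a missing ';'
# the same way the sq_deent patterns do.
NUMERIC_ENTITY = re.compile(r'&#0*(\d+);?|&#x0*([0-9a-f]+);?', re.IGNORECASE)
# CSS backslash escapes: up to six hex digits and one optional trailing space.
CSS_ESCAPE = re.compile(r'\\([0-9a-f]{1,6})\s?', re.IGNORECASE)
CSS_COMMENT = re.compile(r'/\*.*?\*/', re.DOTALL)
# The keywords both patches rename; CSS expression() is what CVE-2007-6321 abuses.
DANGEROUS = re.compile(r'(?:expression|url)\s*\(', re.IGNORECASE)
# Small-capital IPA letters from the patch's table; NFKC does not fold these,
# so they need an explicit map (constructed here from the patch's byte values).
HOMOGLYPHS = str.maketrans({'\u029f': 'l', '\u0280': 'r', '\u0274': 'n'})
MAX_ROUNDS = 10  # assumed bound so a pathological input cannot loop forever


def _codepoint(n):
    """chr() for a decoded reference, replacing out-of-range values."""
    return chr(n) if n <= 0x10FFFF else '\ufffd'


def decode_numeric_entities(value):
    """Turn &#NNN; / &#xHH; references into the characters they name."""
    return NUMERIC_ENTITY.sub(
        lambda m: _codepoint(int(m.group(1)) if m.group(1) else int(m.group(2), 16)),
        value)


def normalize_css_value(value):
    """Reduce an attribute value to the form the browser would act on.

    Repeats until nothing changes (like sq_defang's do/while) because one
    decoding step can expose another, then strips comments that split a
    keyword in two.
    """
    for _ in range(MAX_ROUNDS):
        before = value
        value = decode_numeric_entities(value)
        value = CSS_ESCAPE.sub(lambda m: _codepoint(int(m.group(1), 16)), value)
        value = unicodedata.normalize('NFKC', value)  # fullwidth/superscript -> ASCII
        value = value.translate(HOMOGLYPHS)
        value = CSS_COMMENT.sub('', value)
        if value == before:
            break
    return value


def is_dangerous_css(value):
    """True if the normalised value invokes expression() or url()."""
    return DANGEROUS.search(normalize_css_value(value)) is not None


# A style attribute in either quote style, wherever it sits in the tag.
STYLE_ATTR = re.compile(r'\s+style\s*=\s*(["\'])(.*?)\1', re.IGNORECASE | re.DOTALL)


def filter_style_attributes(fragment):
    """Drop every style attribute whose normalised value is dangerous."""
    return STYLE_ATTR.sub(
        lambda m: '' if is_dangerous_css(m.group(2)) else m.group(0), fragment)


# Constructed test vectors (not from the thread) covering each obfuscation
# the patches try to undo; the fullwidth sample is "expression" in U+FF45..U+FF58.
SAMPLES = {
    'plain':     'width: expression(1)',
    'fullwidth': 'width: \uff45\uff58\uff50\uff52\uff45\uff53\uff53\uff49\uff4f\uff4e(1)',
    'entities':  'width: e&#120;p&#x72;ession(1)',
    'comment':   'width: exp/* split */ression(1)',
    'escape':    'width: \\65xpression(1)',
    'ipa':       'width: exp\u0280ession(1)',
    'benign':    'width: 100px; color: red',
}

if __name__ == '__main__':
    for name, css in SAMPLES.items():
        print(f'{name:10s} {is_dangerous_css(css)!s:6s} {normalize_css_value(css)}')
    print(filter_style_attributes('<a href="x" style="width: expression(1)">t</a>'))
```

Unlike the attached patch, `filter_style_attributes` sees a `style` attribute wherever it sits in the tag, and it drops the whole attribute instead of renaming keywords, so the word `url` in an unrelated attribute is left alone; a production filter would go further and allow only a known set of CSS properties rather than blacklisting keywords.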
Reply sent to Romain Beauxis <toots@rastageeks.org>: You have taken responsibility.
Notification sent to Micah Anderson <micah@debian.org>: Bug acknowledged by developer.
Message #27 received at 455840-close@bugs.debian.org:
Source: roundcube
Source-Version: 0.1~rc2-6

We believe that the bug you reported is fixed in the latest version of roundcube, which is due to be installed in the Debian FTP archive:

roundcube-core_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-core_0.1~rc2-6_all.deb
roundcube-mysql_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-mysql_0.1~rc2-6_all.deb
roundcube-pgsql_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-pgsql_0.1~rc2-6_all.deb
roundcube-sqlite_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-sqlite_0.1~rc2-6_all.deb
roundcube_0.1~rc2-6.diff.gz
  to pool/main/r/roundcube/roundcube_0.1~rc2-6.diff.gz
roundcube_0.1~rc2-6.dsc
  to pool/main/r/roundcube/roundcube_0.1~rc2-6.dsc
roundcube_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube_0.1~rc2-6_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 455840@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <toots@rastageeks.org> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 26 Jan 2008 03:26:42 +0100
Source: roundcube
Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite
Architecture: source all
Version: 0.1~rc2-6
Distribution: unstable
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
Changed-By: Romain Beauxis <toots@rastageeks.org>
Description:
 roundcube  - skinnable AJAX based webmail solution for IMAP servers
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - virtual package providing MySQL dependencies for RoundCube
 roundcube-pgsql - virtual package providing PostgreSQL dependencies for RoundCube
 roundcube-sqlite - virtual package providing sqlite dependencies for RoundCube
Closes: 455840 458244
Changes:
 roundcube (0.1~rc2-6) unstable; urgency=high
 .
   [ Vincent Bernat ]
   * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
     thanks to Micah Anderson (Closes: #455840). The patch is from
     http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
     provided by Robin Elfrink. It has been modified with some functions
     stolen from Squirrelmail.
   * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
 .
   [ Romain Beauxis ]
   * Added DM-Upload-Allowed: yes to control file.
   * Moved po-debconf to Build-Dep since it is needed for clean target.
     Thanks to lintian.
Files:
 bbf0ce2770571b18b5cf648f127b8608 1010 web extra roundcube_0.1~rc2-6.dsc
 a5aa65929032452d043b7861a4a276a9 21046 web extra roundcube_0.1~rc2-6.diff.gz
 33362efa38abbc0353732e506e27fdb9 493432 web extra roundcube-core_0.1~rc2-6_all.deb
 c4c749c8f9e6beb3c567c66bade24fb0 5818 web extra roundcube_0.1~rc2-6_all.deb
 c45785d7a426b55ac5913d7ba11927b3 5176 web extra roundcube-mysql_0.1~rc2-6_all.deb
 eef590147e40b5d246141791b4c9edbf 5188 web extra roundcube-pgsql_0.1~rc2-6_all.deb
 17c6fa42a3e75a114ad36b20da78b404 5154 web extra roundcube-sqlite_0.1~rc2-6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHmp6ZnuQ3Rt5ZmAARAmNYAJwJh5wr4K9kJ/oAvKksfXSPJEBGtwCcCsY9
N1FmMi0XAWkyV8RVltx4Ork=
=FFaX
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Mar 2008 07:29:46 GMT)