Debian Bug report logs - #455840
CVE-2007-6321: Cross-site scripting (XSS) vulnerability


Reported by: Micah Anderson <micah@debian.org>

Date: Wed, 12 Dec 2007 03:00:01 UTC

Severity: grave

Fixed in version roundcube/0.1~rc2-6

Done: Romain Beauxis <toots@rastageeks.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>:
Bug#455840; Package roundcube.


Acknowledgement sent to Micah Anderson <micah@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Micah Anderson <micah@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-6321: Cross-site scripting (XSS) vulnerability
Date: Tue, 11 Dec 2007 21:46:35 -0500
Package: roundcube
Severity: normal


Hi,

CVE-2007-6321 details an XSS vulnerability in Roundcube 0.1rc2 and
earlier. It only affects users of IE who are using Roundcube, so it may
seem unimportant, but the sad fact of the matter is that many people
still use that browser, and most people who run webmail are likely to be
visited by IE users.

Please mention this CVE in any changelogs that address this issue. When
a fix is available, please upload with urgency=high to speed up
migration to testing. If you have any questions or need help, visit us
in channel #debian-security on OFTC.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6321
Reference: BUGTRAQ:20071209 Unsanitized scripting in RoundCube webmail
Reference: http://www.securityfocus.com/archive/1/archive/1/484802/100/0/threaded
Reference: http://openmya.hacker.jp/hasegawa/security/expression.txt
Reference: XF:roundcube-email-messages-xss(38981)
Reference: URL:http://xforce.iss.net/xforce/xfdb/38981

Micah


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Severity set to `grave' from `normal'. Request was from Micah Anderson <micah@debian.org> to control@bugs.debian.org. (Fri, 28 Dec 2007 16:09:13 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>:
Bug#455840; Package roundcube.


Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>:
Extra info received and forwarded to list. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.


Message #12 received at 455840@bugs.debian.org:

From: Vincent Bernat <bernat@luffy.cx>
To: Micah Anderson <micah@debian.org>
Cc: 455840@bugs.debian.org
Subject: Re: Bug#455840: CVE-2007-6321: Cross-site scripting (XSS) vulnerability
Date: Wed, 02 Jan 2008 19:40:26 +0100
[Message part 1 (text/plain, inline)]
OoO In the middle of the starry night of Wednesday, 12 December 2007, at around
03:46, Micah Anderson <micah@debian.org> said:

> CVE-2007-6321 details an XSS vulnerability in Roundcube 0.1rc2 and
> earlier. It only affects users of IE who are using Roundcube, so it may
> seem unimportant, but the sad fact of the matter is that many people
> still use that browser, and most people who run webmail are likely to be
> visited by IE users.

> Please mention this CVE in any changelogs that address this issue. When
> a fix is available, please upload with urgency=high to speed up
> migration to testing. If you have any questions or need help, visit us
> in channel #debian-security on OFTC.

> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6321
> Reference: BUGTRAQ:20071209 Unsanitized scripting in RoundCube webmail
> Reference: http://www.securityfocus.com/archive/1/archive/1/484802/100/0/threaded
> Reference: http://openmya.hacker.jp/hasegawa/security/expression.txt
> Reference: XF:roundcube-email-messages-xss(38981)
> Reference: URL:http://xforce.iss.net/xforce/xfdb/38981

There is a proposition from Roundcube dev here:
 http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html

I have tested it with ie4linux and it seems that it is still
vulnerable. Could someone else check this?

I attach the patch as well.

[ie-xss.200712131255.patch (text/x-diff, inline)]
Index: program/steps/mail/func.inc
===================================================================
--- program/steps/mail/func.inc	(revision 943)
+++ program/steps/mail/func.inc	(working copy)
@@ -477,6 +477,85 @@
   }
 
 
+function rcmail_html_filter($html)
+  {
+  preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags);
+
+  /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by
+   * IE as regular characters. */
+  $replace = array(array('&#x029F;', '&#0671;' ,/* L UNICODE IPA Extension */
+                         '&#x0280;', '&#0640;' ,/* R UNICODE IPA Extension */
+                         '&#x0274;', '&#0628;' ,/* N UNICODE IPA Extension */
+                         '&#xFF25;', '&#65317;' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
+                         '&#xFF45;', '&#65349;' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
+                         '&#xFF38;', '&#65336;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
+                         '&#xFF58;', '&#65368;',/* Unicode FULLWIDTH LATIN SMALL LETTER X */
+                         '&#xFF30;', '&#65328;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
+                         '&#xFF50;', '&#65360;',/* Unicode FULLWIDTH LATIN SMALL LETTER P */
+                         '&#xFF32;', '&#65330;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
+                         '&#xFF52;', '&#65362;',/* Unicode FULLWIDTH LATIN SMALL LETTER R */
+                         '&#xFF33;', '&#65331;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
+                         '&#xFF53;', '&#65363;',/* Unicode FULLWIDTH LATIN SMALL LETTER S */
+                         '&#xFF29;', '&#65321;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
+                         '&#xFF49;', '&#65353;',/* Unicode FULLWIDTH LATIN SMALL LETTER I */
+                         '&#xFF2F;', '&#65327;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
+                         '&#xFF4F;', '&#65359;',/* Unicode FULLWIDTH LATIN SMALL LETTER O */
+                         '&#xFF2E;', '&#65326;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
+                         '&#xFF4E;', '&#65358;',/* Unicode FULLWIDTH LATIN SMALL LETTER N */
+                         '&#xFF2C;', '&#65324;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
+                         '&#xFF4C;', '&#65356;',/* Unicode FULLWIDTH LATIN SMALL LETTER L */
+                         '&#xFF35;', '&#65333;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
+                         '&#xFF55;', '&#65365;',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
+                         '&#x207F;', '&#8319;' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
+                         "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */
+                                         /* in unicode this is some Chinese char range */
+                         "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
+                         "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
+                         "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
+                         "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
+                         "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
+                         "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
+                         "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
+                         "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
+                         "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
+                         "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
+                         "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
+                         "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
+                         "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
+                         "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
+                         "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
+                         "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
+                         "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
+                         "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
+                         "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
+                         "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
+                         "\xCA\x9F", /* L UNICODE IPA Extension */
+                         "\xCA\x80", /* R UNICODE IPA Extension */
+                         "\xC9\xB4"),  /* N UNICODE IPA Extension */
+                   array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x',
+                         'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I',
+                         'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l',
+                         'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r',
+                         'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n'));
+  if ((count($tags)>3) && (count($tags[3])>0))
+    foreach ($tags[3] as $nr=>$value)
+    {
+    /* Remove comments */
+    $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value);
+    /* Translate dangerous characters */
+    $newvalue = str_replace($replace[0], $replace[1], $newvalue);
+    /* Rename dangerous CSS */
+	$newvalue = preg_replace('/expression/i', 'expresion', $newvalue);
+	$newvalue = preg_replace('/url/i', 'urrl', $newvalue);
+	$newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]);
+	$newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]);
+    $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html);
+    }
+
+  return $html;
+  }
+
+
 function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
   {
   global $IMAP, $REMOTE_OBJECTS;
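Review bot: the per-tag loop only sanitises the last attribute of each tag. In the tag regex on the `preg_match_all` line, group 3 sits inside the repeated group `(\s+\w+(...)?)+`, and PCRE keeps only the final iteration of a repeated capture, so `$tags[3][$nr]` is the last attribute value and any earlier attribute of the same tag never goes through the character translation or the `expression`/`url` renaming. Walk the attributes of each tag with a second `preg_match_all` or a `preg_replace_callback` instead. Two smaller points on the same hunk: `preg_replace('/(\/\*.*\*\/)/','$2',$value)` refers to a group `$2` the pattern does not have (it only works because an unknown group expands to the empty string; write `''`), and the `.*?` in the tag regex runs without the `/s` modifier, so a tag whose quoted attribute value contains a newline is not matched at all and is left unfiltered.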
@@ -528,7 +607,7 @@
       $body = preg_replace($remote_patterns, $remote_replaces, $body);
       }
 
-    return Q($body, 'show', FALSE);
+    return Q(rcmail_html_filter($body), 'show', FALSE);
     }
 
   // text/enriched
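Review bot: the call site gives no hint that `rcmail_html_filter()` is a rename-the-known-tokens pass rather than a full sanitiser. Add a one-line comment above `return Q(rcmail_html_filter($body), 'show', FALSE);` saying that it only rewrites attribute values of tags it recognises and that `Q()` still performs the final quoting, so the next reader does not treat the body as fully cleaned at this point.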
[Message part 3 (text/plain, inline)]
-- 
CLASS CLOWN IS NOT A PAID POSITION
CLASS CLOWN IS NOT A PAID POSITION
CLASS CLOWN IS NOT A PAID POSITION
-+- Bart Simpson on chalkboard in episode BABF08

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>:
Bug#455840; Package roundcube.


Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>:
Extra info received and forwarded to list. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.


Message #17 received at 455840@bugs.debian.org:

From: Vincent Bernat <bernat@luffy.cx>
To: 455840@bugs.debian.org
Subject: Bug present in current IE7
Date: Tue, 22 Jan 2008 10:17:20 +0100
Hi !

I have tested with a current IE7 and the XSS problem appears despite
having applied the patch.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>:
Bug#455840; Package roundcube.


Acknowledgement sent to Vincent Bernat <bernat@luffy.cx>:
Extra info received and forwarded to list. Copy sent to Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>.


Message #22 received at 455840@bugs.debian.org:

From: Vincent Bernat <bernat@luffy.cx>
To: Robin Elfrink <elfrink@introweb.nl>
Cc: RoundCube Dev <dev@lists.roundcube.net>, 455840@bugs.debian.org
Subject: Re: [RCU] Vulnerability in Roundcube
Date: Tue, 22 Jan 2008 22:17:11 +0100
[Message part 1 (text/plain, inline)]
OoO Early in the evening of Friday, 28 December 2007, at around 21:45, I
said:

>> I found Squirrelmail's solution. They seem to use one function for every
>> possible tag in the HTML source:

>> http://osdir.com/ml/mail.squirrelmail.cvs/2006-12/msg00031.html

>> I'll try to implement that, and/or search for more :)

> Hi Robin !

> I noticed that you have posted a patch. I have tried it but it seems
> that there is no effect. I have tried with ie6 from ie4linux and I still
> get the javascript popups. Did you try it successfully on rc2?

> I have used the test message from here:
>  http://www.topolis.lt/bugtraq/expression.eml.gz

I have tried with an up-to-date IE7 and the patch provided here does not
fix the issue. In fact, the source code shows there are still unsanitized
strings. I have completed the patch with a function from Squirrelmail
(sq_defang). I have attached the complete patch.

[Message part 2 (application/pgp-signature, inline)]
[xss-fix.patch (text/x-diff, inline)]
--- roundcube/program/steps/mail/func.inc	2007-10-17 08:50:28.000000000 +0200
+++ roundcube/program/steps/mail/func.inc	2008-01-22 21:59:30.000000000 +0100
@@ -481,6 +481,124 @@
   return Q($out);
   }
 
+/* Stolen from Squirrelmail */
+function sq_deent(&$attvalue, $regex, $hex=false){
+    $ret_match = false;
+    preg_match_all($regex, $attvalue, $matches);
+    if (is_array($matches) && sizeof($matches[0]) > 0){
+        $repl = Array();
+        for ($i = 0; $i < sizeof($matches[0]); $i++){
+            $numval = $matches[1][$i];
+            if ($hex){
+                $numval = hexdec($numval);
+            }
+            $repl{$matches[0][$i]} = chr($numval);
+        }
+        $attvalue = strtr($attvalue, $repl);
+        return true;
+    } else {
+        return false;
+    }
+}
+
+/* Stolen verbatim from Squirrelmail */
+function sq_defang(&$attvalue){
+    /**
+     * Skip this if there aren't ampersands or backslashes.
+     */
+    if (strpos($attvalue, '&') === false
+        && strpos($attvalue, '\\') === false){
+        return;
+    }
+    $m = false;
+    do {
+        $m = false;
+        $m = $m || sq_deent($attvalue, '/\&#0*(\d+);*/s');
+        $m = $m || sq_deent($attvalue, '/\&#x0*((\d|[a-f])+);*/si', true);
+        $m = $m || sq_deent($attvalue, '/\\\\(\d+)/s', true);
+    } while ($m == true);
+    $attvalue = stripslashes($attvalue);
+}
+
+function rcmail_html_filter($html)
+  {
+  preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags);
+
+  /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by
+   * IE as regular characters. */
+  $replace = array(array('&#x029F;', '&#0671;' ,/* L UNICODE IPA Extension */
+                         '&#x0280;', '&#0640;' ,/* R UNICODE IPA Extension */
+                         '&#x0274;', '&#0628;' ,/* N UNICODE IPA Extension */
+                         '&#xFF25;', '&#65317;' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
+                         '&#xFF45;', '&#65349;' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
+                         '&#xFF38;', '&#65336;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
+                         '&#xFF58;', '&#65368;',/* Unicode FULLWIDTH LATIN SMALL LETTER X */
+                         '&#xFF30;', '&#65328;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
+                         '&#xFF50;', '&#65360;',/* Unicode FULLWIDTH LATIN SMALL LETTER P */
+                         '&#xFF32;', '&#65330;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
+                         '&#xFF52;', '&#65362;',/* Unicode FULLWIDTH LATIN SMALL LETTER R */
+                         '&#xFF33;', '&#65331;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
+                         '&#xFF53;', '&#65363;',/* Unicode FULLWIDTH LATIN SMALL LETTER S */
+                         '&#xFF29;', '&#65321;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
+                         '&#xFF49;', '&#65353;',/* Unicode FULLWIDTH LATIN SMALL LETTER I */
+                         '&#xFF2F;', '&#65327;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
+                         '&#xFF4F;', '&#65359;',/* Unicode FULLWIDTH LATIN SMALL LETTER O */
+                         '&#xFF2E;', '&#65326;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
+                         '&#xFF4E;', '&#65358;',/* Unicode FULLWIDTH LATIN SMALL LETTER N */
+                         '&#xFF2C;', '&#65324;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
+                         '&#xFF4C;', '&#65356;',/* Unicode FULLWIDTH LATIN SMALL LETTER L */
+                         '&#xFF35;', '&#65333;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
+                         '&#xFF55;', '&#65365;',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
+                         '&#x207F;', '&#8319;' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
+                         "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */
+                                         /* in unicode this is some Chinese char range */
+                         "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
+                         "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
+                         "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
+                         "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
+                         "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
+                         "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
+                         "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
+                         "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
+                         "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
+                         "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
+                         "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
+                         "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
+                         "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
+                         "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
+                         "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
+                         "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
+                         "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
+                         "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
+                         "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
+                         "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
+                         "\xCA\x9F", /* L UNICODE IPA Extension */
+                         "\xCA\x80", /* R UNICODE IPA Extension */
+                         "\xC9\xB4"),  /* N UNICODE IPA Extension */
+                   array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x',
+                         'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I',
+                         'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l',
+                         'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r',
+                         'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n'));
+  if ((count($tags)>3) && (count($tags[3])>0))
+    foreach ($tags[3] as $nr=>$value)
+    {
+    /* Remove comments */
+    $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value);
+    /* Translate dangerous characters */
+    $newvalue = str_replace($replace[0], $replace[1], $newvalue);
+    sq_defang($newvalue);
+    /* Rename dangerous CSS */
+    $newvalue = preg_replace('/expression/i', 'idiocy', $newvalue);
+    $newvalue = preg_replace('/url/i', 'idiocy', $newvalue);
+    $newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]);
+    $newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]);
+    $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html);
+    }
+
+  return $html;
+  }
+
 
 function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
   {
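Review bot: `sq_deent($attvalue, '/\\\\(\d+)/s', true)` decodes CSS backslash escapes as hex but the pattern only matches decimal digits, so an escape whose hex digits include a letter is left undecoded and survives into the `expression`/`url` check; use `[0-9a-f]+` with the `i` flag there. Also, `chr($numval)` in `sq_deent` reduces code points above 255 modulo 256, which is why the `str_replace($replace[0], $replace[1], ...)` table has to run before `sq_defang($newvalue)` as it does here (`&#65317;` would otherwise become a stray byte instead of `E`); that ordering deserves a comment, since swapping the two lines silently breaks the full-width mappings. The copied `rcmail_html_filter()` still only sees the last attribute of each tag (group 3 of a repeated group keeps its final iteration), and `$newvalue` is handed to `preg_replace` as a replacement string, where `$1`-style sequences in a decoded value are interpreted; `preg_replace_callback` or `str_replace` avoids both.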
@@ -533,7 +651,7 @@
       $body = preg_replace($remote_patterns, $remote_replaces, $body);
       }
 
-    return Q($body, 'show', FALSE);
+    return Q(rcmail_html_filter($body), 'show', FALSE);
     }
 
   // text/enriched
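Review bot: the covering message calls this a temporary fix, but nothing at the call site records that. Put a comment above `return Q(rcmail_html_filter($body), 'show', FALSE);` naming bug #455840 and CVE-2007-6321, so the blacklist pass is revisited when the upstream fix lands instead of staying in the package indefinitely.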
[Message part 4 (text/plain, inline)]
There are still some unsanitized strings, but IE does not trigger any
alert any more. We will use this patch as a temporary fix for the
Roundcube Debian package unless you see a better way to handle this issue.
-- 
Treat end of file conditions in a uniform manner.
            - The Elements of Programming Style (Kernighan & Plauger)
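As an added example of the approach described in messages #12 and #22 above (decode escapes, fold the look-alike characters, drop comments, then rename the CSS keywords), here is a stand-alone PHP version written for this page. It is not Roundcube's or Squirrelmail's code and not the patch in the thread. It assumes PHP 7.2 or later with the mbstring extension (`mb_chr`), applies the pass to every attribute of every tag rather than the last one, and folds the whole full-width Latin block rather than only the letters listed in the patch; the `$sample` input is constructed for the demonstration.

```php
<?php
// Added example, not Roundcube's or Squirrelmail's code. Normalise an attribute
// value in the order the thread's patch uses (decode escapes, fold look-alikes,
// drop comments) and only then neutralise the CSS keywords legacy IE evaluated.

/* Turn a code point into UTF-8, refusing values no browser would accept. */
function code_to_utf8($cp): string
{
    if (!is_int($cp) || $cp <= 0 || $cp > 0x10FFFF || ($cp >= 0xD800 && $cp <= 0xDFFF)) {
        return "\u{FFFD}";
    }
    return mb_chr($cp, 'UTF-8');
}

/* Decode &#NNN;, &#xHH; and CSS \HH escapes until nothing changes, so an
 * entity that decodes into another entity is unwound as well. The loop is
 * bounded so a pathological value cannot keep it busy. */
function decode_escapes(string $value): string
{
    for ($round = 0; $round < 8; $round++) {
        $next = preg_replace_callback('/&#0*(\d+);?/', function ($m) {
            return code_to_utf8((int) $m[1]);
        }, $value);
        $next = preg_replace_callback('/&#x0*([0-9a-f]+);?/i', function ($m) {
            // hexdec() returns a float on overflow, which code_to_utf8() rejects
            return code_to_utf8(hexdec($m[1]));
        }, $next);
        $next = preg_replace_callback('/\\\\([0-9a-f]{1,6})\s?/i', function ($m) {
            return code_to_utf8(hexdec($m[1]));
        }, $next);
        if ($next === $value) {
            break;
        }
        $value = $next;
    }
    return $value;
}

/* Look-alike code points folded to ASCII: the full-width Latin block plus the
 * superscript n and the IPA small capitals named in the patch. */
function lookalike_map(): array
{
    $map = [];
    for ($i = 0; $i < 26; $i++) {
        $map[mb_chr(0xFF21 + $i, 'UTF-8')] = chr(ord('A') + $i);   // U+FF21..U+FF3A
        $map[mb_chr(0xFF41 + $i, 'UTF-8')] = chr(ord('a') + $i);   // U+FF41..U+FF5A
    }
    $map[mb_chr(0x207F, 'UTF-8')] = 'n';   // SUPERSCRIPT LATIN SMALL LETTER N
    $map[mb_chr(0x029F, 'UTF-8')] = 'l';   // LATIN LETTER SMALL CAPITAL L
    $map[mb_chr(0x0280, 'UTF-8')] = 'r';   // LATIN LETTER SMALL CAPITAL R
    $map[mb_chr(0x0274, 'UTF-8')] = 'n';   // LATIN LETTER SMALL CAPITAL N
    return $map;
}

/* Full pass for one attribute value. */
function defang_css_value(string $value): string
{
    $v = decode_escapes($value);
    $v = strtr($v, lookalike_map());
    $v = preg_replace('#/\*.*?\*/#s', '', $v);   // a comment can split a keyword, so drop it first
    return preg_replace('/expression|url/i', 'blocked', $v);
}

/* Rewrite every attribute value of every tag. A callback is used so the decoded
 * value is inserted literally and never read as a replacement pattern. */
function filter_html_attributes(string $html): string
{
    $tag  = '/<\/?\w+(?:"[^"]*"|\'[^\']*\'|[^>"\'])*>/s';
    $attr = '/(\s+[\w:-]+\s*=\s*)("[^"]*"|\'[^\']*\'|[^\s"\'>]+)/s';
    return preg_replace_callback($tag, function ($t) use ($attr) {
        return preg_replace_callback($attr, function ($m) {
            $raw   = $m[2];
            $q     = $raw[0];
            $inner = ($q === '"' || $q === "'") ? (string) substr($raw, 1, -1) : $raw;
            // Re-encode after decoding so the rewritten value is a well-formed attribute again.
            $clean = htmlspecialchars(defang_css_value($inner), ENT_QUOTES, 'UTF-8', false);
            return $m[1] . '"' . $clean . '"';
        }, $t[0]);
    }, $html);
}

// Constructed sample for the demonstration: one value hides the keyword behind a
// decimal entity and a comment, the other behind a hex entity for a full-width letter.
$sample = '<div style="width: expr&#101;ss/**/ion(0)" title="&#xFF35;rl(x)">hi</div>';
echo filter_html_attributes($sample), "\n";
```

The decode step loops to a fixed point so that an entity which decodes into another entity is unwound before the keyword check, and the per-attribute rewrite goes through `preg_replace_callback`, so the decoded value is inserted verbatim rather than interpreted as a replacement string. Both attributes of the sample come out with their keyword rewritten, which is exactly the case the thread's single-capture regex misses.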

Reply sent to Romain Beauxis <toots@rastageeks.org>:
You have taken responsibility.


Notification sent to Micah Anderson <micah@debian.org>:
Bug acknowledged by developer.


Message #27 received at 455840-close@bugs.debian.org:

From: Romain Beauxis <toots@rastageeks.org>
To: 455840-close@bugs.debian.org
Subject: Bug#455840: fixed in roundcube 0.1~rc2-6
Date: Sat, 26 Jan 2008 02:47:03 +0000
Source: roundcube
Source-Version: 0.1~rc2-6

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive:

roundcube-core_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-core_0.1~rc2-6_all.deb
roundcube-mysql_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-mysql_0.1~rc2-6_all.deb
roundcube-pgsql_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-pgsql_0.1~rc2-6_all.deb
roundcube-sqlite_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube-sqlite_0.1~rc2-6_all.deb
roundcube_0.1~rc2-6.diff.gz
  to pool/main/r/roundcube/roundcube_0.1~rc2-6.diff.gz
roundcube_0.1~rc2-6.dsc
  to pool/main/r/roundcube/roundcube_0.1~rc2-6.dsc
roundcube_0.1~rc2-6_all.deb
  to pool/main/r/roundcube/roundcube_0.1~rc2-6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 455840@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Beauxis <toots@rastageeks.org> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 26 Jan 2008 03:26:42 +0100
Source: roundcube
Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite
Architecture: source all
Version: 0.1~rc2-6
Distribution: unstable
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
Changed-By: Romain Beauxis <toots@rastageeks.org>
Description: 
 roundcube  - skinnable AJAX based webmail solution for IMAP servers
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - virtual package providing MySQL dependencies for RoundCube
 roundcube-pgsql - virtual package providing PostgreSQL dependencies for RoundCube
 roundcube-sqlite - virtual package providing sqlite dependencies for RoundCube
Closes: 455840 458244
Changes: 
 roundcube (0.1~rc2-6) unstable; urgency=high
 .
   [ Vincent Bernat ]
   * Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
     thanks to Micah Anderson (Closes: #455840). The patch is from
     http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
     provided by Robin Elfrink. It has been modified with some functions
     stolen from Squirrelmail.
   * Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).
 .
   [ Romain Beauxis ]
   * Added DM-Upload-Allowed: yes to control file.
   * Moved po-debconf to Build-Dep since it is needed for clean
     target. Thanks to lintian.
Files: 
 bbf0ce2770571b18b5cf648f127b8608 1010 web extra roundcube_0.1~rc2-6.dsc
 a5aa65929032452d043b7861a4a276a9 21046 web extra roundcube_0.1~rc2-6.diff.gz
 33362efa38abbc0353732e506e27fdb9 493432 web extra roundcube-core_0.1~rc2-6_all.deb
 c4c749c8f9e6beb3c567c66bade24fb0 5818 web extra roundcube_0.1~rc2-6_all.deb
 c45785d7a426b55ac5913d7ba11927b3 5176 web extra roundcube-mysql_0.1~rc2-6_all.deb
 eef590147e40b5d246141791b4c9edbf 5188 web extra roundcube-pgsql_0.1~rc2-6_all.deb
 17c6fa42a3e75a114ad36b20da78b404 5154 web extra roundcube-sqlite_0.1~rc2-6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHmp6ZnuQ3Rt5ZmAARAmNYAJwJh5wr4K9kJ/oAvKksfXSPJEBGtwCcCsY9
N1FmMi0XAWkyV8RVltx4Ork=
=FFaX
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Mar 2008 07:29:46 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:26:54 2019; Machine Name: beach


Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.