Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:5987
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo incident="5987"> <issue id="1001856" tracker="bnc">VUL-0: roundcubemail: 1.1.6 fixes XSS + clickjacking flaw</issue> <issue id="1012493" tracker="bnc">VUL-0: roundcubemail: command injection via php mail() additional_parameters</issue> <issue id="982003" tracker="bnc">VUL-0: CVE-2016-5103: roundcube: XSS vulnerability in mail content page</issue> <issue id="2016-5103" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>aeneas_jaissle</packager> <description> This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - Avoid sending completely empty text parts for multipart/alternative messages - Don't create multipart/alternative messages with empty text/plain part - Improved validation of FROM argument when sending mails </description> <summary>Security update for roundcubemail</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor