Bugzilla – Bug 1215433
VUL-0: roundcubemail: cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages
Last modified: 2024-02-13 08:02:50 UTC
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released

Security update 1.6.3 released
Published: 15 September 2023
Tags: releases updates security

We just published a security update to the version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability:

- Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar.

See the full changelog in the release notes on the Github download page.

We strongly recommend to update all productive installations of Roundcube 1.6.x with this new version.

This also affects older roundcubemail code-streams:
https://roundcube.net/news/2023/09/18/security-update-1.5.4-released
https://roundcube.net/news/2023/09/18/security-update-1.4.14-released
This is an autogenerated message for OBS integration:
This bug (1215433) was mentioned in
https://build.opensuse.org/request/show/1112688 Backports:SLE-15-SP3 / roundcubemail
https://build.opensuse.org/request/show/1112689 Backports:SLE-15-SP4 / roundcubemail
https://build.opensuse.org/request/show/1112690 Backports:SLE-15-SP5 / roundcubemail
https://build.opensuse.org/request/show/1112691 Backports:SLE-15-SP6 / roundcubemail
*** Bug 1215609 has been marked as a duplicate of this bug. ***
openSUSE-RU-2023:0283-1: An update that has one recommended fix can now be installed.
Category: recommended (moderate)
Bug References: 1215433
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): roundcubemail-1.5.4-bp154.2.6.1

openSUSE-SU-2023:0285-1: An update that contains security fixes can now be installed.
Category: security (moderate)
Bug References: 1215433
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): roundcubemail-1.6.3-bp155.2.3.1
done