diff options
author | Bernard Spil <brnrd@FreeBSD.org> | 2021-12-31 09:19:15 +0000 |
---|---|---|
committer | Bernard Spil <brnrd@FreeBSD.org> | 2021-12-31 09:19:15 +0000 |
commit | b71e61991b196f36e1143d5b4ffdce6b8a94e70e (patch) | |
tree | 3aa8853d1bb8ba1155746b4951dfde7774e9e08b /security | |
parent | 58208423aace0e4426837f60f3201b156f7b2ca4 (diff) | |
download | ports-b71e61991b196f36e1143d5b4ffdce6b8a94e70e.tar.gz ports-b71e61991b196f36e1143d5b4ffdce6b8a94e70e.zip |
security/vuxml: Document Roundcube vulnerability
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln-2021.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 0e49315af241..ca5a87a88b4e 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,29 @@ + <vuln vid="47197b47-6a1a-11ec-8be6-d4c9ef517024"> + <topic>Roundcube -- XSS vulnerability</topic> + <affects> + <package> + <name>roundcube</name> + <range><lt>1.5.2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Roundcube project reports:</p> + <blockquote cite="://roundcube.net/news/2021/12/30/update-1.5.2-released"> + <p>Cross-site scripting (XSS) via HTML messages with malicious CSS + content</p> + </blockquote> + </body> + </description> + <references> + <url>https://roundcube.net/news/2021/12/30/update-1.5.2-released</url> + </references> + <dates> + <discovery>2021-12-30</discovery> + <entry>2021-12-31</entry> + </dates> + </vuln> + <vuln vid="c1b2b492-6999-11ec-a50c-001cc0382b2f"> <topic>Mbed TLS -- Potential double-free after an out of memory error</topic> <affects> |