Debian Security Advisory 5714-1

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5714-1                   [email protected]://www.debian.org/security/                       Sebastien DelafondJune 18, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2024-37383 CVE-2024-37384Debian Bug     : 1071474Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike,discovered that roundcube, a skinnable AJAX based webmail solution forIMAP servers, did not correctly process and sanitize requests. Thiswould allow an attacker to perform Cross-Side Scripting (XSS) attacks.For the oldstable distribution (bullseye), these problems have been fixedin version 1.4.15+dfsg.1-1+deb11u3.For the stable distribution (bookworm), these problems have been fixed inversion 1.6.5+dfsg-1+deb12u2.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmZxxS4ACgkQEL6Jg/PVnWSmBAgAlHkpKAMLQuMJh79XHBJD38gMRshGMgxGMmbD38uZBRGhxniE8CSP3Xc2h/92qvSVcNJrjS8H0wPlkhKEV75NoNoofoDVb/Uoa1GcAShVb0pzBDzmBA1hbbdzCHfpGUnu8ghkzh1bBgX/zAwqScXcAGSn1/s4bknhPgEriRvfcAjN7o4S4lFOExSLL+RlqxWfHFNiQt6788BpgnfGZ3OWgAEWoEJdH7wr6/YdH5u/Fne6/1gD2HO3zYHVF4OzuVVkX6fTf+kHH74oGOSz7qtqW7HiriGY6+7j+7i+vSk95aWuxhPrPaGD3yVI02WjtokupJJKmgGVUf3CgNJCMEzCqg===rv9C-----END PGP SIGNATURE-----