On Tue, Aug 11, 2020 at 07:11:57PM +0200, Guilhem Moulin wrote: > Dear security team, > > In a recent post roundcube webmail upstream has announced the following > security fix for #968216: > > Cross-site scripting (XSS) via HTML messages with malicious SVG > or math content (CVE-2020-16145) > > AFAICT CVE-2020-16145 is only about SVG not math, but the upstream > commit addresses both so I opened a single bug: > https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e > > Debdiff tested and attached, but I'd appreciate if you could take care > of the DLA :-) > > Thanks! > Cheers, > -- > Guilhem.
Hi Guilhem, I'll take care of it shortly. Regards, -Roberto -- Roberto C. Sánchez
