MGASA-2023-0332

Source
https://advisories.mageia.org/MGASA-2023-0332.html
Import Source
https://advisories.mageia.org/MGASA-2023-0332.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2023-0332
Related
Published
2023-12-01T11:54:47Z
Modified
2023-12-01T09:43:47Z
Summary
Updated roundcubemail packages fix XSS security vulnerabilities
Details

Updated roundcubemail package fixes security vulnerabilities:

Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download. (CVE-2023-47272)

Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages. (CVE-2023-5631)

Some other errors have been fixed:

- Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE
- Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters
- Fix PHP warnings
- Fix UI issue when dealing with an invalid managesieve_default_headers value
- Fix bug where images attached to application/smil messages weren't displayed
- Fix PHP string replacement error in utils/error.php
- Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder

References
Credits

Affected packages