Date: Sun, 29 Mar 2026 10:39:07 +0000 From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 1c5e093993db - main - security/vuxml: Document Roundcube vulnerability Message-ID: <69c9014b.37b54.1ab2acf6@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=1c5e093993db0f3659030e7ce6c57733bdb980a3 commit 1c5e093993db0f3659030e7ce6c57733bdb980a3 Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2026-03-29 10:38:50 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2026-03-29 10:38:50 +0000 security/vuxml: Document Roundcube vulnerability --- security/vuxml/vuln/2026.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 1108d8c346be..830f0303dfa3 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,31 @@ + <vuln vid="095e9db2-2b5b-11f1-9839-8447094a420f"> + <topic>Roundcube -- SVG Attribute Bypass</topic> + <affects> + <package> + <name>roundcube-php82</name> + <name>roundcube-php83</name> + <name>roundcube-php84</name> + <name>roundcube-php85</name> + <range><lt>1.6.15,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Roundcube project reports:</p> + <blockquote cite="https://github.com/roundcube/roundcubemail/releases/tag/1.6.15">; + <p>.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/roundcube/roundcubemail/releases/tag/1.6.15</url>; + </references> + <dates> + <discovery>2026-03-29</discovery> + <entry>2026-03-29</entry> + </dates> + </vuln> + <vuln vid="b933083e-2b2e-11f1-b60a-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69c9014b.37b54.1ab2acf6>