Candidate: CVE-2012-3508
PublicDate: 2012-08-25 10:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3508
 http://trac.roundcube.net/ticket/1488613
Description:
 Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in
 Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web
 script or HTML by using "javascript:" in an href attribute in the body of
 an HTML-formatted email.
Ubuntu-Description:
Notes:
 sbeattie> first patch/issue may only affect 0.8
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685475
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_roundcube:
 upstream: https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee
 upstream: https://github.com/roundcube/roundcubemail/commit/c086978f6a91eacb339fd2976202fca9dad2ef32
upstream_roundcube: released (0.7.2-4)
hardy_roundcube: ignored (reached end-of-life)
lucid_roundcube: ignored (reached end-of-life)
natty_roundcube: ignored (reached end-of-life)
oneiric_roundcube: ignored (reached end-of-life)
precise_roundcube: ignored (reached end-of-life)
precise/esm_roundcube: DNE (precise was needs-triage)
quantal_roundcube: ignored (reached end-of-life)
raring_roundcube: ignored (reached end-of-life)
saucy_roundcube: ignored (reached end-of-life)
trusty_roundcube: not-affected (0.9.5-4)
trusty/esm_roundcube: DNE (trusty was not-affected [0.9.5-4])
utopic_roundcube: ignored (reached end-of-life)
vivid_roundcube: ignored (reached end-of-life)
vivid/stable-phone-overlay_roundcube: DNE
vivid/ubuntu-core_roundcube: DNE
wily_roundcube: ignored (reached end-of-life)
xenial_roundcube: not-affected (0.9.5-4)
yakkety_roundcube: ignored (reached end-of-life)
zesty_roundcube: ignored (reached end-of-life)
artful_roundcube: ignored (reached end-of-life)
bionic_roundcube: not-affected (0.9.5-4)
cosmic_roundcube: not-affected (0.9.5-4)
devel_roundcube: not-affected (0.9.5-4)