Candidate: CVE-2012-4668
PublicDate: 2012-08-25 10:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4668
 http://www.openwall.com/lists/oss-security/2012/08/20/9
 http://www.openwall.com/lists/oss-security/2012/08/20/2
 http://sourceforge.net/news/?group_id=139281&id=309011
Description:
 Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and
 earlier allows remote attackers to inject arbitrary web script or HTML via
 the signature in an email.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685475
 http://trac.roundcube.net/ticket/1488613
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_roundcube:
 upstream: https://github.com/roundcube/roundcubemail/commit/c086978f6a91eacb339fd2976202fca9dad2ef32
upstream_roundcube: released (0.7.2-4)
hardy_roundcube: not-affected
lucid_roundcube: not-affected
natty_roundcube: ignored (reached end-of-life)
oneiric_roundcube: ignored (reached end-of-life)
precise_roundcube: ignored (reached end-of-life)
precise/esm_roundcube: DNE (precise was needed)
quantal_roundcube: ignored (reached end-of-life)
raring_roundcube: ignored (reached end-of-life)
saucy_roundcube: ignored (reached end-of-life)
trusty_roundcube: not-affected (0.9.5-4)
trusty/esm_roundcube: DNE (trusty was not-affected [0.9.5-4])
utopic_roundcube: ignored (reached end-of-life)
vivid_roundcube: ignored (reached end-of-life)
vivid/stable-phone-overlay_roundcube: DNE
vivid/ubuntu-core_roundcube: DNE
wily_roundcube: ignored (reached end-of-life)
xenial_roundcube: not-affected (0.9.5-4)
yakkety_roundcube: ignored (reached end-of-life)
zesty_roundcube: ignored (reached end-of-life)
artful_roundcube: ignored (reached end-of-life)
bionic_roundcube: not-affected (0.9.5-4)
cosmic_roundcube: not-affected (0.9.5-4)
devel_roundcube: not-affected (0.9.5-4)