Candidate: CVE-2013-5645
PublicDate: 2013-08-29 12:07:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5645
 http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
 http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github
 http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
 http://trac.roundcube.net/ticket/1489251
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail
 before 0.9.3 allow user-assisted remote attackers to inject arbitrary web
 script or HTML via the body of a message visited in (1) new or (2) draft
 mode, related to compose.inc; and (3) might allow remote authenticated
 users to inject arbitrary web script or HTML via an HTML signature, related
 to save_identity.inc.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/trusty/+source/roundcube/+bug/1256293
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_roundcube:
upstream_roundcube: released (0.9.3)
lucid_roundcube: ignored (reached end-of-life)
precise_roundcube: ignored (reached end-of-life)
precise/esm_roundcube: DNE (precise was needs-triage)
quantal_roundcube: ignored (reached end-of-life)
raring_roundcube: ignored (reached end-of-life)
saucy_roundcube: ignored (reached end-of-life)
trusty_roundcube: not-affected (0.9.5-2)
trusty/esm_roundcube: DNE (trusty was not-affected [0.9.5-2])
utopic_roundcube: not-affected (0.9.5-2)
vivid_roundcube: not-affected (0.9.5-2)
vivid/stable-phone-overlay_roundcube: DNE
vivid/ubuntu-core_roundcube: DNE
wily_roundcube: not-affected (0.9.5-2)
xenial_roundcube: not-affected (0.9.5-2)
yakkety_roundcube: not-affected (0.9.5-2)
zesty_roundcube: not-affected (0.9.5-2)
devel_roundcube: not-affected (0.9.5-2)