[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2024:0328-1":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-28T13:22:40.146Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":60,"epss":9,"epss_history":61,"metrics":62,"affected":63},"OPENSUSE-SU-2024:0328-1","Security update for roundcubemail\n\nThis update for roundcubemail fixes the following issues:\n\nUpdate to 1.6.8\nThis is a security update to the stable version 1.6 of Roundcube Webmail.\nIt provides fixes to recently reported security vulnerabilities:\n\n  * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]\n  * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]\n  * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]\n\n  CHANGELOG\n\n  * Managesieve: Protect special scripts in managesieve_kolab_master mode\n  * Fix newmail_notifier notification focus in Chrome (#9467)\n  * Fix fatal error when parsing some TNEF attachments (#9462)\n  * Fix double scrollbar when composing a mail with many plain text lines (#7760)\n  * Fix decoding mail parts with multiple base64-encoded text blocks (#9290)\n  * Fix bug where some messages could get malformed in an import from a MBOX file (#9510)\n  * Fix invalid line break characters in multi-line text in Sieve scripts (#9543)\n  * Fix bug where 'with attachment' filter could fail on some fts engines (#9514)\n  * Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)\n  * Fix bug where a long subject title could not be displayed in some cases (#9416)\n  * Fix infinite loop when parsing malformed Sieve script (#9562)\n  * Fix bug where imap_conn_option's 'socket' was ignored (#9566)\n  * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]\n  * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]\n  * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2024-42008",{"_key":17},"CVE-2024-42009",{"_key":19},"CVE-2024-42010",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2024-10-09T08:01:27Z","2026-02-04T03:46:01.312116Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,38,43,47,52,56],{"url":32,"sources":33,"tags":36},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q5GOCYS6W7WGAIH6NILISNVXQC4O7Z53/",[34,35],"osv_suse","osv_opensuse",[37],"Advisory",{"url":39,"sources":40,"tags":41},"https://bugzilla.suse.com/1228900",[34,35],[42],"REPORT",{"url":44,"sources":45,"tags":46},"https://bugzilla.suse.com/1228901",[34,35],[42],{"url":48,"sources":49,"tags":50},"https://www.suse.com/security/cve/CVE-2024-42008",[34,35],[51],"WEB",{"url":53,"sources":54,"tags":55},"https://www.suse.com/security/cve/CVE-2024-42009",[34,35],[51],{"url":57,"sources":58,"tags":59},"https://www.suse.com/security/cve/CVE-2024-42010",[34,35],[51],[],[],[],[64,77,81,87],{"ecosystem":65,"name":66,"vendor":67,"product":68,"cpe_part":9,"purl_type":69,"purl_namespace":67,"purl_name":68,"source":9,"versions":70},"openSUSE","roundcubemail","opensuse","roundcubemail&distro=openSUSE Leap 15.5","rpm",[71],{"version":72,"is_range":73,"range_type":74,"version_start":9,"version_start_type":9,"version_end":75,"version_end_type":76,"fixed_in":9},"lt1_6_8_bp156_2_3_1",true,"ecosystem","1.6.8-bp156.2.3.1","excluding",{"ecosystem":65,"name":66,"vendor":67,"product":78,"cpe_part":9,"purl_type":69,"purl_namespace":67,"purl_name":78,"source":9,"versions":79},"roundcubemail&distro=openSUSE Leap 15.6",[80],{"version":72,"is_range":73,"range_type":74,"version_start":9,"version_start_type":9,"version_end":75,"version_end_type":76,"fixed_in":9},{"ecosystem":82,"name":66,"vendor":83,"product":84,"cpe_part":9,"purl_type":69,"purl_namespace":83,"purl_name":84,"source":9,"versions":85},"SUSE Linux Enterprise","suse","roundcubemail&distro=SUSE Package Hub 15 SP5",[86],{"version":72,"is_range":73,"range_type":74,"version_start":9,"version_start_type":9,"version_end":75,"version_end_type":76,"fixed_in":9},{"ecosystem":82,"name":66,"vendor":83,"product":88,"cpe_part":9,"purl_type":69,"purl_namespace":83,"purl_name":88,"source":9,"versions":89},"roundcubemail&distro=SUSE Package Hub 15 SP6",[90],{"version":72,"is_range":73,"range_type":74,"version_start":9,"version_start_type":9,"version_end":75,"version_end_type":76,"fixed_in":9}]