Debian — Security Information — DSA-4344-1 roundcube
Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, is prone to a cross-site scripting
vulnerability in handling invalid style tag content.
For the stable distribution (stretch), this problem has been fixed in
We recommend that you upgrade your roundcube packages.
For the detailed security status of roundcube please refer to its
security tracker page at: