Information on source package roundup

Available versions

ReleaseVersion
jessie1.4.20-1.1+deb8u2

Open issues

BugjessieDescription
CVE-2024-39126vulnerableRoundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG do ...
CVE-2024-39125vulnerableRoundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Refere ...
CVE-2024-39124vulnerableIn Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

Resolved issues

BugDescription
TEMP-0000000-AF79F8roundup: unspecified issue
CVE-2019-10904Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...
CVE-2014-6276schema.py in Roundup before 1.5.1 does not properly limit attributes i ...
CVE-2012-6133Multiple cross-site scripting (XSS) vulnerabilities in Roundup before ...
CVE-2012-6132Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allo ...
CVE-2012-6131Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...
CVE-2012-6130Cross-site scripting (XSS) vulnerability in the history display in Rou ...
CVE-2010-2491Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...
CVE-2009-2737The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2 ...
CVE-2008-1475The xml-rpc server in Roundup 1.4.4 does not check property permission ...
CVE-2008-1474Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unkn ...
CVE-2004-1444Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...

Security announcements

DSA / DLADescription
DLA-1750-1roundup - security update
DSA-3502-1roundup - security update
DLA-298-1roundup - security update
DSA-1754-1roundup - privilege escalation
DSA-1554-1roundup - cross-site scripting vulnerability
Search for package or bug name: Reporting problems