From 4cc74f726942d8570811f1e78db9a93a252435bf Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 20 Jan 2009 11:28:33 -0500
Subject: [PATCH] Treat 'background' attributes the same way as 'src' (another XSS vulnerability)

---
 CHANGELOG |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index f9ce6de..e8ce827 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
 
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
 2009/01/18 (alec)
 ----------
 - Fix problems with backslash as IMAP hierarchy delimiter (#1484467)

--
Gitblit v1.9.1