-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 08 Aug 2024 23:48:56 +0200 Source: roundcube Binary: roundcube roundcube-core roundcube-mysql roundcube-pgsql roundcube-plugins roundcube-sqlite3 Architecture: all Version: 1.4.15+dfsg.1-1+deb11u4 Distribution: bullseye-security Urgency: high Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Guilhem Moulin Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Closes: 1077969 Changes: roundcube (1.4.15+dfsg.1-1+deb11u4) bullseye-security; urgency=high . * Fix CVE-2024-42008: Cross-site scripting (XSS) vulnerability in serving of attachments other than HTML or SVG. * Fix CVE-2024-42009: Cross-site scripting (XSS) vulnerability in post-processing of sanitized HTML content. (Closes: #1077969) * Fix CVE-2024-42010: Information leak (access to remote content) via insufficient CSS filtering. * Backport upstream fix for infinite loop when parsing malformed Sieve script. Checksums-Sha1: cad03d5ef06f5492f6f0aa57e727f5eb6bf90b0d 4318892 roundcube-core_1.4.15+dfsg.1-1+deb11u4_all.deb 4231634e14770e35b115af6f820c182ccdc36c26 94384 roundcube-mysql_1.4.15+dfsg.1-1+deb11u4_all.deb 75f10e152ee461c0ce87bdabca28698e1157880b 94352 roundcube-pgsql_1.4.15+dfsg.1-1+deb11u4_all.deb 69467c5df8c48ba28f85b1e715f121c3b48f6f5f 928196 roundcube-plugins_1.4.15+dfsg.1-1+deb11u4_all.deb b6d344fde9bce2bed45164cd467029eeedcd300a 94328 roundcube-sqlite3_1.4.15+dfsg.1-1+deb11u4_all.deb eb01c08aa3d522958eaeed4752864b9e8993b9ec 10576 roundcube_1.4.15+dfsg.1-1+deb11u4_all-buildd.buildinfo 6a521dd31503c8cf72473ac718dfa7f2fcb13335 1456 roundcube_1.4.15+dfsg.1-1+deb11u4_all.deb Checksums-Sha256: 62b7dea5f59c60848e4889b8d3198696543d53d7580ca45a76aa9830078415ab 4318892 roundcube-core_1.4.15+dfsg.1-1+deb11u4_all.deb ec543b283b033611154e350ab9f05a44103319f8d91e71dc258d44f174e998b6 94384 roundcube-mysql_1.4.15+dfsg.1-1+deb11u4_all.deb cca97ad6fdd92f0f2e3334e9cd55487e16b5c0d01e64b2435f00e80543772dc2 94352 roundcube-pgsql_1.4.15+dfsg.1-1+deb11u4_all.deb 2237a9bade6cad4d30a2a07e4ff2a635d837cc3cdbd336b1f5aac1714b96bee8 928196 roundcube-plugins_1.4.15+dfsg.1-1+deb11u4_all.deb 07c6883c0a33f28d929379ac7d1fa2d54f4989b346e6be2b4e0dc962103546e4 94328 roundcube-sqlite3_1.4.15+dfsg.1-1+deb11u4_all.deb 95c80e19da5f241e140c9e1cbc674d369dc2a0b370cfdf18e1b45678b419ae58 10576 roundcube_1.4.15+dfsg.1-1+deb11u4_all-buildd.buildinfo 733765ebfb75da11c47739c966fffb7eb7c2db0fadce340d8793901d48136c7f 1456 roundcube_1.4.15+dfsg.1-1+deb11u4_all.deb Files: 1861a63d5b0f8671088e08fd53927785 4318892 web optional roundcube-core_1.4.15+dfsg.1-1+deb11u4_all.deb b563f8e72f59860f9929732ba323cc3a 94384 web optional roundcube-mysql_1.4.15+dfsg.1-1+deb11u4_all.deb f8e885ce9db39a1162e038fd4d1ed390 94352 web optional roundcube-pgsql_1.4.15+dfsg.1-1+deb11u4_all.deb 01b7dcea379c2d6b3e7be74b291f7303 928196 web optional roundcube-plugins_1.4.15+dfsg.1-1+deb11u4_all.deb b58a24273d6a30c0773c03d8752f5dcc 94328 web optional roundcube-sqlite3_1.4.15+dfsg.1-1+deb11u4_all.deb e8e0305bc338e0aecb3e0fab9f468dca 10576 web optional roundcube_1.4.15+dfsg.1-1+deb11u4_all-buildd.buildinfo a1d3c016e7df7320c44061591ed551ed 1456 web optional roundcube_1.4.15+dfsg.1-1+deb11u4_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQsM0t1ygJv2xcx3e4cagXJhOTXsFAma6Ew8ACgkQ4cagXJhO TXvycg//aXRsG4OuFvJyF5zF0G+XfRj7HyXfA8G3v8wN8M8xbuU0T4hHiPcPlRmZ c3HAR3SMbKcuMzH6XjZn9qXy0oTsA/IeorBmt7cYcun5haieJc1xVmOP4+ydWEg4 XlfryiCPFshOLqectHGPoFOBBOJzwuEN2mvcOy1gQGqrilw6bozNA/ZqSYLvDYdu zXpst5hGRsVTCBccp3hGqmDl2tLErYMn27qyBfIuobRXyey+HXCzi3/74Jisu21l O/18dwy/NChT1V4+K8Kq5XJHfHfTlkus4ansTwvSu2cTMVswXJyGeBqLQjLWAlyx vfCeObrObsZJROMZzeguFxnvaBgBfEk0YLAzu6Cx1kTU2JwYyOLdsHtX3oSeVZk5 4Ycv4gv1wQBqiUw/tdXUlBlPJNpG6wZXsbH01oiq2FY7RvxBOxs6EJJAUJoxvpRC 3M8hGmbaH9lSaLNVI6mnVU/wZE+a+AiK1wM7GVqS3Fxv9ZVLvSBs8J1i4+ZF6Hrj +AnZZ/FNhq4UScK6/vMXUNniRYx3su35Usyd9pNDaapgKvAbIhrMxI9KrqKB5rti VYWVZap0l+7dCrwLYzICa3b2aQAe7xtHUwGF1u1SxAgkmEj76UBNY4aGGtPl7O6V HnjU9pRtfKY3A/8uqcRHB9nW8yorBEiv94sH6NpXbkpLinWVECc= =ejsr -----END PGP SIGNATURE-----