-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Aug 2024 16:02:54 +0200
Source: roundcube
Binary: roundcube roundcube-core roundcube-mysql roundcube-pgsql roundcube-plugins roundcube-sqlite3
Architecture: all
Version: 1.6.5+dfsg-1+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Guilhem Moulin
Description:
 roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - metapackage providing MySQL dependencies for RoundCube
 roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube
 roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins
 roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube
Closes: 1077969
Changes:
 roundcube (1.6.5+dfsg-1+deb12u3) bookworm-security; urgency=high
 .
   * Cherry pick upstream security fixes from v1.6.8 (closes: #1077969):
     + CVE-2024-42008: Cross-site scripting (XSS) vulnerability in serving of
       attachments other than HTML or SVG.
     + CVE-2024-42009: Cross-site scripting (XSS) vulnerability in
       post-processing of sanitized HTML content.
     + CVE-2024-42010: Fix information leak (access to remote content) via
       insufficient CSS filtering.
   * Cherry pick further upstream changes from v1.6.8:
     + Fix fatal error when parsing some TNEF attachments.
     + Fix bug where an unhandled exception was caused by an invalid image
       attachment.
     + Fix infinite loop when parsing malformed Sieve script.
     + Fix bug where imap_conn_option's 'socket' was ignored.