[Pkg-roundcube-maintainers] roundcube_1.6.5+dfsg-1+deb12u3_source.changes ACCEPTED into proposed-updates->stable-new

Thu Aug 8 12:16:05 BST 2024

Thank you for your contribution to Debian.

Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Aug 2024 16:02:54 +0200
Source: roundcube
Architecture: source
Version: 1.6.5+dfsg-1+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers at alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem at debian.org>
Closes: 1077969
Changes:
 roundcube (1.6.5+dfsg-1+deb12u3) bookworm-security; urgency=high
 .
   * Cherry pick upstream security fixes from v1.6.8 (closes: #1077969):
     + CVE-2024-42008: Cross-site scripting (XSS) vulnerability in serving of
       attachments other than HTML or SVG.
     + CVE-2024-42009: Cross-site scripting (XSS) vulnerability in
       post-processing of sanitized HTML content.
     + CVE-2024-42010: Fix information leak (access to remote content) via
       insufficient CSS filtering.
   * Cherry pick further upstream changes from v1.6.8:
     + Fix fatal error when parsing some TNEF attachments.
     + Fix bug where an unhandled exception was caused by an invalid image
       attachment.
     + Fix infinite loop when parsing malformed Sieve script.
     + Fix bug where imap_conn_option's 'socket' was ignored.
Checksums-Sha1:
 745d8202211278dff06f4206d06f9a62e1929c8a 3833 roundcube_1.6.5+dfsg-1+deb12u3.dsc
 ab7db7a6805b1892ece174c3ea011df9c0c607ca 119360 roundcube_1.6.5+dfsg-1+deb12u3.debian.tar.xz
 fc151fed1d0261a1d752380fc32aa35acc6b6dff 14215 roundcube_1.6.5+dfsg-1+deb12u3_amd64.buildinfo
Checksums-Sha256:
 05dc579c8ae58dcde33c90501eada1b259ce5faefa2357cdf1cdb6a8d51a946f 3833 roundcube_1.6.5+dfsg-1+deb12u3.dsc
 e8a60d68e4def4ce034aca3dc3fd59f67185a98f408329155565985e7d638e6f 119360 roundcube_1.6.5+dfsg-1+deb12u3.debian.tar.xz
 29acd0c922ffde454739088d88f13a17fadb48a200a341bab0e1f7ccd784f44e 14215 roundcube_1.6.5+dfsg-1+deb12u3_amd64.buildinfo
Files:
 061ad7c1808273d438dfc7f77d953135 3833 web optional roundcube_1.6.5+dfsg-1+deb12u3.dsc
 db41a1315aea78b3c2300192b7e878cd 119360 web optional roundcube_1.6.5+dfsg-1+deb12u3.debian.tar.xz
 d2ae2bb5c4b6ba9788a72de5d92f4a3e 14215 web optional roundcube_1.6.5+dfsg-1+deb12u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmayLsAACgkQ05pJnDwh
pVL2mxAAt+6z7rXfuNSOjklv29W+cssixDgpne+QqWuFVFKKTYAsVZ7AvcXSb1uf
p+H01ZCW+GVLz0Z+ms1v+xqOlkVbxAVrhmnOrSOwbrlAEGjJG+limoLXm0ySi2fF
/OHsMXQpMwz+tMBvXj6RM25FzTeI8T015DHhIrDhIl/bgaa0pfeQV1VPmLSpTro4
zCsl36V9AneX2c8AH8jN4iwj7ZzVOjaCqwyauZBIJ+JCnJoCP+NadQqLYLrhM2yG
F5Q3ouEROtallIGdmq/c9S5d/WwCshpjUu0s23xGo+ACrdMKPIIqHxS5TXmKMyvM
7sbEgL1QzKAAmA2SSr3K4yG5xNy9T4BRHcOQLgyv7BG01W2SB9fTIn2YhrmFaMXh
Cx9sUYHxZsI2Kx8ip1O7/KXTbfS6pJjVKcOO7gJYvvKdBYtVR+G8WqRxLI5u0vgw
YN87Z59M+kQGiBMeCTCh2vf3HB7sPWqKcQDQz0bfZv/VdAsF6XYI7r/Lgi5ps/jZ
773CnvpVil4Wv3zskQAZVbhmpt99VMnkEyzCVk04kWruMQAcagGM+cqoswTqT5Ge
OA+5SAKGkKo1vkX5to6zCIjhs8lkpCki89fSM1ZqRcjw+6qiw5qgBUZpqPoi+sMn
L1b0Tdy7I7kp45heZnE2ZXqsbEBIl31yiyk4EKknbcktEIRq0c0=
=Oro8
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20240808/1d5908f3/attachment.sig>