[Pkg-roundcube-maintainers] Bug#1127447: roundcube: CSS injection vulnerability and remote image blocking bypass
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 11 21:54:30 GMT 2026
Hi Guilhem,
On Wed, Feb 11, 2026 at 12:43:35PM +0100, Guilhem Moulin wrote:
> Control: retitle -1 roundcube: [CVE-2026-26079] CSS injection vulnerability and [CVE-2026-25916] remote image blocking bypass
>
> Hi,
>
> Thanks for the update! Here are tested debdiffs for trixie-security and
> bookworm-security. As for the previous upload, I suggest to follow
> 1.6.x for trixie-security (the upstream diff [0] is pretty targeted already)
> and backport targeted fixes for bookworm-security.
We will have a look at your proposed update and come back to you.
Thank you for having done the work!
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list