-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Nov 2018 04:36:11 +0100 Source: roundcube Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins Architecture: source all Version: 1.2.3+dfsg.1-4+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Changes: roundcube (1.2.3+dfsg.1-4+deb9u3) stretch-security; urgency=high . * Backport fix for CVE-2018-19206: XSS vulnerability via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. https://github.com/roundcube/roundcubemail/issues/6410 Checksums-Sha1: 053ce4c4e5ad2079836c176af7eecb40480ad744 2472 roundcube_1.2.3+dfsg.1-4+deb9u3.dsc 859bf83d46197348d54bc97470e12200e981e61f 4445880 roundcube_1.2.3+dfsg.1-4+deb9u3.debian.tar.xz af72875efab9cb1bfab46cafa8054ab12c2009f3 2112730 roundcube-core_1.2.3+dfsg.1-4+deb9u3_all.deb b060ce98f5079242a5808b54123999cc1ed6910b 71194 roundcube-mysql_1.2.3+dfsg.1-4+deb9u3_all.deb 6a5667453b95e6ffdf8f4159e301d8e06606c068 71160 roundcube-pgsql_1.2.3+dfsg.1-4+deb9u3_all.deb 39996eea3037e8cc86500c4a5627ee64119eaf36 661478 roundcube-plugins_1.2.3+dfsg.1-4+deb9u3_all.deb 4e2f8d8c1fdca1716d1918e508eda45621f9edb8 71148 roundcube-sqlite3_1.2.3+dfsg.1-4+deb9u3_all.deb 479db49c9393969382770abe924db61200575064 1376 roundcube_1.2.3+dfsg.1-4+deb9u3_all.deb 358bdd4565268de23808b47ac8460d93a9726175 9546 roundcube_1.2.3+dfsg.1-4+deb9u3_amd64.buildinfo Checksums-Sha256: a90fa947509933b82082b5f1e46819ee14d50e87fcdb190a0d74f8888e944794 2472 roundcube_1.2.3+dfsg.1-4+deb9u3.dsc 17d33def2d80123ebe2e9f0f80955e3decdf9eafa2e55ebc975cc8013f5945d8 4445880 roundcube_1.2.3+dfsg.1-4+deb9u3.debian.tar.xz 188a8cadfaece84db819d1d21016503fbacfd6d3ed84e2be3840f4112f87f67b 2112730 roundcube-core_1.2.3+dfsg.1-4+deb9u3_all.deb e27f603135fe2d82e2e0d684cd671680a5671b8b1488a6d83eb414935a3f3a43 71194 roundcube-mysql_1.2.3+dfsg.1-4+deb9u3_all.deb efbc6f23655a99043012e109a0263f50cf0b1c026c64e7ff3424a0886f4d2d14 71160 roundcube-pgsql_1.2.3+dfsg.1-4+deb9u3_all.deb 49fc4e8d7cc3e8907bbeb17cde2616be801a102f7649231e577092e86922f5b2 661478 roundcube-plugins_1.2.3+dfsg.1-4+deb9u3_all.deb 2c4a8a16ab4bf14f52af4ec19a5f62b3c729d33b0bd9e33a4946a7a47cba5c8e 71148 roundcube-sqlite3_1.2.3+dfsg.1-4+deb9u3_all.deb 58f58629dab5fbcc40f25d99794e2b98b172a54355f0ed5200ca02c9a688afd6 1376 roundcube_1.2.3+dfsg.1-4+deb9u3_all.deb dec299335b376ab7ce6bba9bb5fcfb4ac03352c9ac279931353a90949e90f383 9546 roundcube_1.2.3+dfsg.1-4+deb9u3_amd64.buildinfo Files: e053bcba21cf6b2667bf9798f9867020 2472 web extra roundcube_1.2.3+dfsg.1-4+deb9u3.dsc 5e3b206ea41bbe33e608de7ab0ac7abb 4445880 web extra roundcube_1.2.3+dfsg.1-4+deb9u3.debian.tar.xz 458eb292bc2eb22f09cda8be9212b3ee 2112730 web extra roundcube-core_1.2.3+dfsg.1-4+deb9u3_all.deb 8e3c798bc91938a6c5752dd8480b7418 71194 web extra roundcube-mysql_1.2.3+dfsg.1-4+deb9u3_all.deb 3e3f184934b0163e44b503799420e397 71160 web extra roundcube-pgsql_1.2.3+dfsg.1-4+deb9u3_all.deb f7dde819ce2a9ff12c60b7e21abc54e2 661478 web extra roundcube-plugins_1.2.3+dfsg.1-4+deb9u3_all.deb 49411ecb1b0adff0d076926b4a98d431 71148 web extra roundcube-sqlite3_1.2.3+dfsg.1-4+deb9u3_all.deb fc58029c74ef4672e80fdbb1373a9832 1376 web extra roundcube_1.2.3+dfsg.1-4+deb9u3_all.deb a86ce1fd14c89dc4bc160e455e2fc8c2 9546 web extra roundcube_1.2.3+dfsg.1-4+deb9u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAlv4zIYACgkQ05pJnDwh pVKuIBAAou0aLI2jWuFMnOIJSrMcOqT/QWRAOSicLlC7FwYqBMbiQtZ3U4RhNWhO 1IvsUYNcYPOI6PFkZfyo+ZJyUXqpX1JQTAZ9VPJ8uS8TKUGPtwzEjB8uAazbNK/x a7C8qpA51yuqNGgdW284e17S3fJ21Y+WM00GHIojluzqlqts5ctdbHHmwBMylBbE /mpV9gHvIonV3YzH7SyiZVoqCdxG69pLZgcgcLavjzuFnYltfrcV6qDSHSJgRImp QEC13YMXOVpjzrxeyPTpG0EhjhQd8oXI5WmAASz3zb/Sp7xdMjwE1GigniwiY28Z ihjd46rWkkNPR3QAROG2IAlR+aOt5t+1Y3oRM+Lb0cQpPAIeGjndq2kEWQYJFBAl VpyGobqdrPHUjwecaOJXyAWzkgJO9uLLjfh2vqmHZr0RUgIo+lIf7cf4gk3qkfn6 nuBTXuArJ1xqV6AM0EaK/WbfQvqjmiyMMm0+X78DKmcjhaWCcEb2EZVtH+4JXLcP 1OTfvKt4yFAG8Y83NubzSvtQKyUQrmursO/GiE9wVqwJGJpk5UKnrdU3V9iJRVOF GDsTin2BKganF4Ut6wVUQ187yg96+i+sPscIX6uMfDCbfVuzMzr73IncpvRNO4ub N8sZ4Lia1/2mO7MaDQGCv7petrwdHo5ROirml3nJgLx9Bsizmdw= =yCYU -----END PGP SIGNATURE-----