-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 08 Jul 2020 14:28:56 +0200 Source: roundcube Architecture: source Version: 1.4.7+dfsg.1-1~bpo10+1 Distribution: buster-backports Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 964355 Changes: roundcube (1.4.7+dfsg.1-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . roundcube (1.4.7+dfsg.1-1) unstable; urgency=high . * New upstream bugfix release, including security fixes for: Cross-Site Scripting (XSS) vulnerability via HTML messages with malicious svg/namespace (closes: #964355) . roundcube (1.4.6+dfsg.1-3) unstable; urgency=low . * d/upstream/metadata: Add upstream's screenshot URL. * d/po/de.po: Convert from ISO-8859-15 to TDF-8. * Remove bundled OpenPGP.js as the bundled source is not the preferred form of modification hence violates DFSG. This breaks key generation in the enigma plugin (server-side OpenPGP support), but other key operations (incl. import of private keys) still work. That being said enigma is already broken in Buster (and Bullseye too right now) due to the missing dependency 'php-crypt-gpg'. Admins wanting enigma already need to manually install the dependency; they'll now need to also copy . https://raw.githubusercontent.com/openpgpjs/openpgpjs/v4.4.6/dist/openpgp.min.js . (or a later version) to /usr/share/roundcube/plugins/enigma/openpgp.min.js for key generation to keep working. Checksums-Sha1: c3531dc9588e39e4d8c949d12813fed1ac34f90d 2511 roundcube_1.4.7+dfsg.1-1~bpo10+1.dsc f9340220ac93c41765faf976ffadb948aa34288c 856528 roundcube_1.4.7+dfsg.1-1~bpo10+1.debian.tar.xz 06c0d56c9a505652b47288b0ccaea13092969ba7 9822 roundcube_1.4.7+dfsg.1-1~bpo10+1_amd64.buildinfo Checksums-Sha256: 32ef778a85b221debdfbe6890506f4331d4517e606c33ab94ac6132d18b299f1 2511 roundcube_1.4.7+dfsg.1-1~bpo10+1.dsc 87804bfd9aa9c2a3963939ecc835f297d750ac76323728a5f2f69195e94a507f 856528 roundcube_1.4.7+dfsg.1-1~bpo10+1.debian.tar.xz 3dc9a6c9d59ed4138e447cb3c43b21366e3bb9a7ae00e7a618136ba2fbf257f9 9822 roundcube_1.4.7+dfsg.1-1~bpo10+1_amd64.buildinfo Files: 1b829caa70d12957444f8be5dbb19fdb 2511 web optional roundcube_1.4.7+dfsg.1-1~bpo10+1.dsc 0e714fe86ebfacd7fc2f91264c01b75d 856528 web optional roundcube_1.4.7+dfsg.1-1~bpo10+1.debian.tar.xz 383d0e299d6a85afdbff99e7a832370d 9822 web optional roundcube_1.4.7+dfsg.1-1~bpo10+1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAl8FvPQACgkQ05pJnDwh pVLMdQ//d1cRbuKPUyT14H/KyY0qSL6NZRXH95DLJqGb1SX7FvQErCxsubmfJ1Eg PdmuC8EtFFnLxKKZBIaYgUqfC2k1uAG93O6RL6tOhCLfyz8kxCcnEOI1y41+i6fO ryCW1K2K4NsUOpwt60bSdEu/m1OditeqeWfFcZQ8Etila81/FvsBMxtagW0IcIDj ntO5Sc6q0kYtON/t9zS0jX0agMpemwcRrQehixDouSf70Fm3ujK6BSJaCwTF5yCv JApH01iO/P99JoYo/aDC6wAeh7S9q9r/pV3cvigmBQtIO+3tzTqtqiaa9VUOptLn J4Hv2BQu/QeSUfWVfZUQf7X5ffPqDZzCf+KOiu+FIJC/rdAiyOUERlP0xcV5DcaK SndaL2pdchvlgeflrV1a/PQIfRzeJxtS0ySq7Hg0r8BzKD6l+wPsalYtafT/v51k FRDZk/AMDZKkxbTaGggqrE9Oi+mReOeC4PtJXtb2+uTXC5NyiaDq/02xm2xUlq3O TsvV6jGg3s6EOINKKBvRm4J7V6LRCPpjMSjUntkz2OosmW6xTyV9bcbpSM1hHOrL cBcGlmJZBKONRjBMGyAVTKtSMrtYMJ/jjO8TRcZUQ3Ee9aKz4lRXG87BujfWWYFK M8Ya/GE/KL6KoHbJKwuXBY80MD95fJ92AjZSPU8+eAuErOL5mvY= =nJIj -----END PGP SIGNATURE-----
