-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 18 Nov 2021 20:07:03 +0100 Source: roundcube Architecture: source Version: 1.4.12+dfsg.1-1~deb11u1 Distribution: bullseye Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1000156 Changes: roundcube (1.4.12+dfsg.1-1~deb11u1) bullseye-security; urgency=high . * New bugfix/security upstream release (closes: #1000156), with fixes for: + CVE-2021-44025: XSS issue in handling attachment filename extension in mimetype mismatch warning; and + CVE-2021-44026: possible SQL injection via some session variables. * d/gbp.conf: Rename upstream branch to upstream/release-1.4. * d/salsa-ci.yml: Set RELEASE=bullseye. * Refresh d/patches. Checksums-Sha1: c33d720d130bedec22e7defb1ffb5156cf95801e 3273 roundcube_1.4.12+dfsg.1-1~deb11u1.dsc 25701f11c971057a6052d02b264f731d15ae42c0 128880 roundcube_1.4.12+dfsg.1.orig-tinymce-langs.tar.xz e6ed8e54e92f75a8101f63b302b42850e980df17 889096 roundcube_1.4.12+dfsg.1.orig-tinymce.tar.xz fa176ba23daba11d93f33c19ba032c34964ffa55 2975816 roundcube_1.4.12+dfsg.1.orig.tar.xz 688b741b08dda371f6560253359a0f79ad402a1f 90680 roundcube_1.4.12+dfsg.1-1~deb11u1.debian.tar.xz fb605b4bad52ad2b359a1c0339b0f7c4cbdf40a1 10569 roundcube_1.4.12+dfsg.1-1~deb11u1_amd64.buildinfo Checksums-Sha256: 6950c6c5f036491c7cdc4d84d3c9044d66966f0be3d75d8636d6bbde336f54fc 3273 roundcube_1.4.12+dfsg.1-1~deb11u1.dsc a6f44d06ba61e74fa384979d1ba619c368c354b9fd0bfc3c29456cfc9c588c8d 128880 roundcube_1.4.12+dfsg.1.orig-tinymce-langs.tar.xz 2b7e4aba38dcecb8cc7c6d7fa02d9d6b2e2650e9893a66aa3292f84896d1a7e3 889096 roundcube_1.4.12+dfsg.1.orig-tinymce.tar.xz dba4dc8f04df07cede2916fd49769c99319b363618c9133971e89c41577ee8ca 2975816 roundcube_1.4.12+dfsg.1.orig.tar.xz 57cb8f890dd6faef5a977b19717f54743f3e02dc2c12fa5ae5ba408baaa33ba8 90680 roundcube_1.4.12+dfsg.1-1~deb11u1.debian.tar.xz 667d793f43335c822512dcf5e0d5dca527fe14c98e44c0ab52f5f57f52e91a4c 10569 roundcube_1.4.12+dfsg.1-1~deb11u1_amd64.buildinfo Files: 400526b83be62a7e8f0061c3fbc2d98f 3273 web optional roundcube_1.4.12+dfsg.1-1~deb11u1.dsc b075acfd823355091c04e2c7b7951d8b 128880 web optional roundcube_1.4.12+dfsg.1.orig-tinymce-langs.tar.xz 32f04b2b9f2f35d90f6abbfab11562d5 889096 web optional roundcube_1.4.12+dfsg.1.orig-tinymce.tar.xz 6964008a52cdb08fff4f2de2ec47f98c 2975816 web optional roundcube_1.4.12+dfsg.1.orig.tar.xz 1675d5af5953c47895f4501b243d995b 90680 web optional roundcube_1.4.12+dfsg.1-1~deb11u1.debian.tar.xz f0ec8c5912b42f21896284542162240b 10569 web optional roundcube_1.4.12+dfsg.1-1~deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmGfh7kACgkQ05pJnDwh pVLjMw//YG/RfMZ4d2bmnVnHIgKGXb2PpCRDfsR7/zSGmU1hiZXL1hinq5aynH8w 6AnbdYumv22HMxFkxDL+BWVNuhMGyEqaZ9j9RggybkyKlavVQjAWqIiC/WVlRQzf VJFoxb9s4iHCK4WpROVvSSV0pKHXlyhjHPO1kIqFlNh4Kmg1t3MnFI70oU9zzEIU nPF3Z0/ze6PowWb98m+45paPjU1ywYwG67/xALIYfG+laN0hpqaBli/6Um0pMtHJ 3CVpussv90FzewYMQBGNqHfxfv3kgIRkAYG0b/pEKYeYGSIJ7Jmlq2UbabLdy6NR yDaI+w7ANufIHvyp/Vsnrz9J4krf98DVs78BQ+FRd2znv1dO8ql9eaImw54tdzOz A6Aith8a8bQch5idm8jt1rQh4fK3hmH+5namZmDdFFBhb+Bs37DqaUUKAzRQDfHc i2x2mUjQqYmDRMpoip0bKfajH+trcHDuMDjQt4SjdRG5j9U9JhK8KYElU7k+xXbO Nw/1JRU2RkKUEovUhgRYWGK9xtrJRr1Llqnrnf/bKzXEHUOg4tEfm4rT2Bd6BcPr p0w48aN+XxVgkmiFFIU0bwoVC1gktbyKr6178lJ15gawC6OiK1MEL4tLHvpA31jm 3bFvp6oW5AoZHL2YrYXtM0jjf4qcbS8mckOu1BRsqwEaNNYa5OY= =MK5a -----END PGP SIGNATURE-----