Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted roundcube 1.3.17+dfsg.1-1~deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Mon, 29 Nov 2021 18:17:25 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Nov 2021 19:52:34 +0100
Source: roundcube
Architecture: source
Version: 1.3.17+dfsg.1-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1000156
Changes:
 roundcube (1.3.17+dfsg.1-1~deb10u1) buster-security; urgency=high
 .
   * New bugfix/security upstream release (closes: #1000156), with fixes for:
     + CVE-2021-44025: XSS issue in handling attachment filename extension in
       mimetype mismatch warning; and
     + CVE-2021-44026: possible SQL injection via some session variables.
   * Refresh d/patches.
   * Refresh d/upstream/signing-key.asc.
   * d/gbp.conf: Rename upstream branch to upstream/release-1.3.
Checksums-Sha1:
 60dec2e7f716f676620b39092d0542ee6896c35c 2487 roundcube_1.3.17+dfsg.1-1~deb10u1.dsc
 049b02152dc5e7a640fbc5e9ea59ac374c235298 2186304 roundcube_1.3.17+dfsg.1.orig.tar.xz
 ed2717075cda99eb7383cd84d64e43fcf8c6bbb7 3054684 roundcube_1.3.17+dfsg.1-1~deb10u1.debian.tar.xz
 a1d08aa29bd5515a5688297a00059b1e32504422 9339 roundcube_1.3.17+dfsg.1-1~deb10u1_amd64.buildinfo
Checksums-Sha256:
 07d4b520e36900c5ac213da5f93aa44c81e7c02a340a0f2a0c940db33242be4b 2487 roundcube_1.3.17+dfsg.1-1~deb10u1.dsc
 de5fa96b2e5fb9c6584e06c7dea6f959dcd5f24950cf22f2125f1da1450ef3cb 2186304 roundcube_1.3.17+dfsg.1.orig.tar.xz
 f72cd55bc0e6f822350e5635d96d881764886b601c2857172ddea852d1306e92 3054684 roundcube_1.3.17+dfsg.1-1~deb10u1.debian.tar.xz
 149a1612336afa7b5db1f0a5ca929e13376ce38f6b26edd9a6731ed762c11ded 9339 roundcube_1.3.17+dfsg.1-1~deb10u1_amd64.buildinfo
Files:
 430dddff4b3c764ed7593f2fc8833a81 2487 web optional roundcube_1.3.17+dfsg.1-1~deb10u1.dsc
 d6e1afb06f95297460a0cecc43c5ec17 2186304 web optional roundcube_1.3.17+dfsg.1.orig.tar.xz
 1f087b1bf713c6a294ecefc415573da8 3054684 web optional roundcube_1.3.17+dfsg.1-1~deb10u1.debian.tar.xz
 2981ccd2e0122d64ae97b5e463af43c3 9339 web optional roundcube_1.3.17+dfsg.1-1~deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmGfucEACgkQ05pJnDwh
pVKvYhAAoXcJbkpR9yda6luqrsJmavzv305C/Oqd878dO4fig1wX6NL+/76S2jyW
l9bH+AHmLZp3AYuWpSHeTwXcyz6is9rlMQao9zSMyqlJiJqVcAyaOLvVX3CTrtB5
1Oez7T7f5bBAW46hgzzfSrPQB+PCxpmaOYxHtcbW8sLFzpV/Lxwk4iiM31cv7gQ2
Ljvk3nKSxPrkfGtPsGGaXjGRUZ+fl3lodNbc3oUuvEm6K4gEPkwO7xYEOfHtyBU2
pihXdzNJUtdRgHyw7gftZMxgxcdcFrvxA58ZpEDdSvRlbLIYZ9o5sAkKXnJxJk9e
DJcPFJYsZFOlmUwWbU1uPQ/0bUe1bUZCHliTOOJ5hSiKXARNVP5Bd3iHEhaWQbUS
JPoYzBaYIeMNeLNzInGozkiJaEVZIvZSQROdd/wbQNvfKF9YvLA1iQLReZFOJdJx
9RDdVxbJtC0iFYBOc+mGXnovM4k2L6e31nJ3bZoFFNQZIrlwYTPwB3GePasIiXvL
7or2NK0juZyMaWi6lqnmPKKN1GMOL6ZhAt2xbrihQW05zuuk9Zt0Hy4nnjMt19vF
37ae4uELptZaC0rCLroCy7orfV1vMMCL05IXiXSSsAMA7U10AHiDC48Ywh7yhukq
hsbCaHLsuaCvtpXjD5aNmkNykVCcCVPTe270U67U4nGA+jVXvq4=
=POFN
-----END PGP SIGNATURE-----

News for package roundcube