-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 6 Dec 2021 18:06:42 CET Source: roundcube Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins Architecture: source Version: 1.2.3+dfsg.1-4+deb9u9 Distribution: stretch-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Checksums-Sha1: 3ea4daa3dc03ddfd8c6fd3db0e76b224278cf6e9 2623 roundcube_1.2.3+dfsg.1-4+deb9u9.dsc a221df2e1a8b0c86ece11ff247afb46657145376 4451568 roundcube_1.2.3+dfsg.1-4+deb9u9.debian.tar.xz aa7dbc5294c9f518687a4990b757690064be30da 9620 roundcube_1.2.3+dfsg.1-4+deb9u9_amd64.buildinfo Checksums-Sha256: ff8ed4af372a89862e2519916c9e41feb882b192c2a9c7467bc2e6093f6ff379 2623 roundcube_1.2.3+dfsg.1-4+deb9u9.dsc a7e0ac87e7d1e89f3a2d5d83182763d3206906c0f6eaa013c935d69bbfc7ec56 4451568 roundcube_1.2.3+dfsg.1-4+deb9u9.debian.tar.xz e789ed97bd7b7aa4e8416830ba7b16c49da1d9d306d74aecdee75d98e5150acd 9620 roundcube_1.2.3+dfsg.1-4+deb9u9_amd64.buildinfo Changes: roundcube (1.2.3+dfsg.1-4+deb9u9) stretch-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2021-44025 and CVE-2021-44026: It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize requests and mail messages. This would allow an attacker to perform Cross-Side Scripting (XSS) or SQL injection attacks. Files: ee11b1378dfbbb3208ac0f803c76a5bc 2623 web extra roundcube_1.2.3+dfsg.1-4+deb9u9.dsc 5bb98736674113ea27bc21a266cb407c 4451568 web extra roundcube_1.2.3+dfsg.1-4+deb9u9.debian.tar.xz 973119c2d4c7c0bef04718a841f73b29 9620 web extra roundcube_1.2.3+dfsg.1-4+deb9u9_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGuQypfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkaZsP/RGYbvgXY3hblh5BgspmRnhqbX1GfRbIvUCp 7OjEgOnaRxk7WwnFqoBTl91v2nrkvXZ+SfIuQRrF3+WXaUM8BQBn4eo33Z2Ovx+m V7mAxvFapkQIaxHAu8zKS6zHFA+syFXAWiW+ZdtFQa2hJU23XBgQB/Cpr4pEfjcc rB+Vg+KwNWoaiMMG9uIc8KlYka6SWFZ/GVXXgjltUGZh5OtqUvAVPnVe+KaqxYby yXVTny+4BE6xSYkuSxYjJYaUY5q0npGQ3qOa+9Os6SGK0/vrigMz2QHHdCVpuPT6 faDnivxBTDwCLnn2KnDW7gYEpe8Dzo0mD+EzIXFc+6LPUFKg4DOC0goF7AQncVX2 oJ5m0cXu+fIzlhwUY4DKBZOs1+/rktFZQ5j9PjPUje2X0WCrcrPFchBksIfTg9vW rpCXFmB7aftuiJdkxl7c3jjYo11sUiC10BwF3BlenGgKoddBsBFRf2cRDvqjnOaf BKGwoFk+3vzbmSA9rw8JRIc3ki/ASxVucwwL5oC8lEWyWBKpiPnkCOkSY+uN1G9A MAIjFeQKLsfeMZD3w9LCBno5UV6//Gp/tWS98H0U+SsoCkUu4fjIJscqmg1GDoms Pleghp8AXH6KZF3k/u+A9hJKsPs2h6PDDffzH5kK714+eiAAqYAT23iHBLnJzKnt oLxZ8fFU =FeG8 -----END PGP SIGNATURE-----