-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Sep 2023 14:18:17 +0200 Source: roundcube Architecture: source Version: 1.6.3+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1040705 1043395 1050317 1052059 Changes: roundcube (1.6.3+dfsg-1) unstable; urgency=medium . * New upstream security and bugfix release: + Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages. (Closes: #1052059) + Fix regression that broke use_secure_urls feature hence OAuth2 authentication. (Closes: #1050317) + Fix regression where LDAP addressbook 'filter' option was ignored. + Fix regression in decoding mail parts FETCHed from IMAP. + Fix PHP8 warnings. * roundcube-core.cron: Trigger gc twice every hour. (Closes: #1043395) * Fix GuzzleHttp autoload location. (Closes: #1040705) * d/p/fix-autoload-location.patch: Set ‘Forwarded: not-needed’ DEP-3 header. * Refresh d/patches. Checksums-Sha1: b5200b58a3a152f50a4b1d0f54d7e9c0658ed54b 3801 roundcube_1.6.3+dfsg-1.dsc b39fa52c9d251ef1b496c5f501b96c421c29de76 220628 roundcube_1.6.3+dfsg.orig-tinymce-langs.tar.xz 618f2bd02a4bdac6af753e84a5863f824ab1faa1 1858136 roundcube_1.6.3+dfsg.orig-tinymce.tar.xz 7902770ad7f3b14d135fc2a9c4c884165a821924 2784168 roundcube_1.6.3+dfsg.orig.tar.xz ecc546df29b7b646e419ff531cd13b7d830a07a9 104804 roundcube_1.6.3+dfsg-1.debian.tar.xz 9d48b868c8323830ba96b3c16e757e5fa0b26b5d 13589 roundcube_1.6.3+dfsg-1_amd64.buildinfo Checksums-Sha256: afb8ca1294af59368ba10dfbca1560a0988a2e024906d4139c778d227b287a5f 3801 roundcube_1.6.3+dfsg-1.dsc c9334a84b6ea1307ac30c95efd50f12c2b523f20d902998c52b62cfa04cd9015 220628 roundcube_1.6.3+dfsg.orig-tinymce-langs.tar.xz 16df31fd8f9f96c1019a9fdd803095111f470b4e423e0509eb0d5e0d6d395670 1858136 roundcube_1.6.3+dfsg.orig-tinymce.tar.xz 857b29588256ae2be9a45693f6cf670977e4ca6e7088874761ba1da60b123809 2784168 roundcube_1.6.3+dfsg.orig.tar.xz 6a48808b80d37299ac5e71471af8addd59195e7ccafed048c29b86045650a562 104804 roundcube_1.6.3+dfsg-1.debian.tar.xz 551fa0c356c9711200b6c377ec68c5ab0593606722428a9eb56b977cd987cfd6 13589 roundcube_1.6.3+dfsg-1_amd64.buildinfo Files: f225a1486bb8db4768ae6f8c91d2aefe 3801 web optional roundcube_1.6.3+dfsg-1.dsc 3d80b58f48c74889a75fa606f5058b1a 220628 web optional roundcube_1.6.3+dfsg.orig-tinymce-langs.tar.xz 8a08dd8d4ade5763e1bbff1a076caf75 1858136 web optional roundcube_1.6.3+dfsg.orig-tinymce.tar.xz 44b900df398a9683dc066b4c1f3d7f07 2784168 web optional roundcube_1.6.3+dfsg.orig.tar.xz 476e3802ba1034465bf8b4786d4b040c 104804 web optional roundcube_1.6.3+dfsg-1.debian.tar.xz 7b9908b7fb2d8ab84174767e6b75b39f 13589 web optional roundcube_1.6.3+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmUIQQwACgkQ05pJnDwh pVJ5Zw/8DYC3m3H81vGeBAC8ZlwZloWVMePto1g99ZEOBWChpFdVNcx7588fdRFj QtVsHRvOeJSE/w8XzjhL483ChXRvJ7gup4c3ThPu2dQfYurYc3HQ4yAITfGAr4Pv NbJh+5FCGnWFn4pW/qMAex+3D4rhu2mkMyXzifp/oWPtKJaA3P9WYKOpD8MogRK/ iOxviaC/pWZQhIawuz+eCmpnvXI4KJ1olBLWKCv2upcsiQnr8ancZsTmsV5LqJe6 ei0BEXg1w6C8ymkXEcxOB2w0zynB6ZRcgHCAOiqCmDPvpWKUvMz+BaFae/r/xd1x IJYq/+dTvfD9BQKMfNp8xw9HZuU4ssnkK+RdvV5ZqtKuRFqWo+Va7jE1EK+R2ttV XuhXaylcIFXmp3hMLDjD81lXZVOcHwQJfpvoFBw2z0e0gBpuPe+HXRUe/bzssZv/ 3/aOBSMKu7lDxEVisteUrU8Fu2TUBD0Q8muQ/bw8YaszAN31C5ffeOGXZDXE6Dfa jN2U2V/xkqGWcvrakPI6L0L0LFrCBSMt3lPcFgIkr9S770Hmb41uiDNyWVSyFQsO lnUnRNxHwY+KMNIXTOWTi1D+0I5WRWRmsXZo06rgUsloag1178cE0zFhrMKh9LTQ ackhpNCI8+6CWqsgjPcxOy5Hnx7Ctf9spP8Db3hZf7J10cYinw8= =3m56 -----END PGP SIGNATURE-----