-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 19 Oct 2023 00:20:52 +0200 Source: roundcube Architecture: source Version: 1.6.4+dfsg-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1054079 Changes: roundcube (1.6.4+dfsg-1~deb12u1) bookworm-security; urgency=high . * New upstream security and bugfix release: + Fix CVE-2023-5631: Cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages. (Closes: #1054079) + Managesieve plugin: Fix javascript error when relational or spamtest extension is not enabled. + Fix PHP8 warnings. * Replace upstream release “version” 1.6-git with the actual tagged version. * Add DEP-8 test to check RCMAIL_VERSION against d/changelog. * Salsa CI: Disable lintian and reprotest jobs. * Refresh patches. Checksums-Sha1: 305df9757a89e3e7a2b10e51418a78edbcb0fe85 3833 roundcube_1.6.4+dfsg-1~deb12u1.dsc 49a41f382aaf74673bd5dc649d3cbe8d67ace5ca 220736 roundcube_1.6.4+dfsg.orig-tinymce-langs.tar.xz 32758ee3f2b186460c2e8f1cd87aa8ee22c6bc44 1858152 roundcube_1.6.4+dfsg.orig-tinymce.tar.xz 6b100df31c0cb2d0e296386c871a59bde179846b 2784448 roundcube_1.6.4+dfsg.orig.tar.xz e1acd2861d40e9758fcd9c6759cefb28b5704168 105428 roundcube_1.6.4+dfsg-1~deb12u1.debian.tar.xz c69103d07eb570f2933e240a07bec73c25f71ee9 13981 roundcube_1.6.4+dfsg-1~deb12u1_amd64.buildinfo Checksums-Sha256: 3915499bbdfa1cb11080b907a5ae8280404f17c5c0ce68711c0e7c7178f7a088 3833 roundcube_1.6.4+dfsg-1~deb12u1.dsc 3d7bf2bba2010c171319a76a266b671e01d5c7bff3e200fe9d966bf915932dbe 220736 roundcube_1.6.4+dfsg.orig-tinymce-langs.tar.xz d347dcebc705fd65214c08cdb02367e39bef9e3eba41c0affe84bc42ccec8aa9 1858152 roundcube_1.6.4+dfsg.orig-tinymce.tar.xz ea4e8fb414edd0961aa69d4ffba03d4981a4fad62580d88989f71489d11f3a1e 2784448 roundcube_1.6.4+dfsg.orig.tar.xz ea53ad2d05f5fda6e7eb92d166c9500824fe4fce2879a244b9b38e21f0f4c99b 105428 roundcube_1.6.4+dfsg-1~deb12u1.debian.tar.xz 0a99971963abd91d2d8132c2fd72533da59a166359f971a9ef4ba9a9266d36ee 13981 roundcube_1.6.4+dfsg-1~deb12u1_amd64.buildinfo Files: 4b06ae012ed25f04921e0fb757ab939a 3833 web optional roundcube_1.6.4+dfsg-1~deb12u1.dsc b8e238bb13d3f2c9e3052bf77ab32dde 220736 web optional roundcube_1.6.4+dfsg.orig-tinymce-langs.tar.xz e5a66bf48031beb980234a0d27d77fdf 1858152 web optional roundcube_1.6.4+dfsg.orig-tinymce.tar.xz 36dc8f64d4e01669457ca1ac400ffaa3 2784448 web optional roundcube_1.6.4+dfsg.orig.tar.xz f807f7f43a38df78f8b17653068a21ef 105428 web optional roundcube_1.6.4+dfsg-1~deb12u1.debian.tar.xz 21039e1761310777e4fab7756ebbe7e3 13981 web optional roundcube_1.6.4+dfsg-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmUwYVYACgkQ05pJnDwh pVLomA//Tcz+oqc59r8QW136f9e/AXD403k1UrMGM95oECg0sqrDCJFmfzbMdKzp +L0F3X1zrJJ5osCAsMsq+bkkLkF+rm1D7splMGIBg42jhlMYH/sNHx/SvzGbf8Hy ylrkJ2NWu2UnjR0Plwor6iMzrhhgAmHnz/LLcKtVLGotn+GunKIrGIu8vvH5mjey mD000NW16PfTApsDZGZqpcap5r08rVP92AQupl2/iiC4P3Dr0TyaJGbDGMrqj5b7 VYHBrh8fQ5XAwbqUAMQUzUi4RhyRMyx4ZtS3u8E4YYjrDh2VN/1vWV842/pnzaEf CV9jWDWGaB2C4IiUWht3VE/PoIZ4Mh8UObaMNvbGm4N2HTHxsHeFVw329dn7gilF Mga9E9quJr3tuKC1lWm4BXtkvHqVry+wTs0ERntoizGiqyTijyhGJLf7Tgjeq6TN HV6pAqHyJDQGSQ7Qc+J7aUpzQgEB0SLD+F1HUE/L55w3xOHQQfCwsegq3nWYfSr0 Dody4tqRDNGJrnC46FM+eaMNzig5TAZFSb+WLm6HlCS+NmBWAMF5z9YEhAtmdlb/ 2c1yK+VwaDETSpOdd6UbGPZbil2yewa7o8A82HMLiyt6AyKAmOXxU5exeFJLpfO0 C1NGIMRXuBXbAybN1Ps9OH3vDtEwqbZKKbKVJyQP3oG8oXFzfCE= =JPSc -----END PGP SIGNATURE-----