Format: 1.8
Date: Tue, 28 Nov 2023 16:10:54 +0100
Source: roundcube
Architecture: source
Version: 1.6.5+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1055421
Changes:
 roundcube (1.6.5+dfsg-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security and bugfix release:
     + Fix CVE-2023-47272: Cross-site scripting (XSS) vulnerability in setting
       Content-Type/Content-Disposition for attachment preview/download.
       (Closes: #1055421)
     + Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE.
     + Fix UI issue when dealing with an invalid managesieve_default_headers
       value.
     + Fix bug where images attached to application/smil messages weren't
       displayed.
     + Fix PHP8 warnings.
     + Fix regression where ‘smtp_user’ did not allow pre/post strings
       before/after ‘%u’ placeholder.
   * Refresh d/patches.