-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 17 Jun 2024 13:52:56 +0200 Source: roundcube Architecture: source Version: 1.3.17+dfsg.1-1~deb10u6 Distribution: buster-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1071474 Changes: roundcube (1.3.17+dfsg.1-1~deb10u6) buster-security; urgency=high . * Fix CVE-2024-37384: Cross-site scripting (XSS) vulnerability in handling list columns from user preferences. (Closes: #1071474) * Fix CVE-2024-37383: Cross-site scripting (XSS) vulnerability in handling SVG animate attributes. (Closes: #1071474) Checksums-Sha1: 3250fe6cc91fcad0c4d318d9e9b698dbfdec7aa9 2487 roundcube_1.3.17+dfsg.1-1~deb10u6.dsc d8906e3eeb077899022bf012a16d42d19f66d52d 3060476 roundcube_1.3.17+dfsg.1-1~deb10u6.debian.tar.xz 8de624cf00941d94005c764c6ea2fcd9dad2ec61 9509 roundcube_1.3.17+dfsg.1-1~deb10u6_amd64.buildinfo Checksums-Sha256: 9f9f8975333ee6412061e3a32507d1be9eca147135cc5230b48717f5bb2cce6a 2487 roundcube_1.3.17+dfsg.1-1~deb10u6.dsc 094032a889c7f4a426771f4b5ff646e9867e5401db759739aa05dd61675ecf05 3060476 roundcube_1.3.17+dfsg.1-1~deb10u6.debian.tar.xz 610075f70f688a9f6dfec1c7492c8180241db378530904d5e911b4ba465e8be4 9509 roundcube_1.3.17+dfsg.1-1~deb10u6_amd64.buildinfo Files: 21ca318a276224815bc34e107bc85c61 2487 web optional roundcube_1.3.17+dfsg.1-1~deb10u6.dsc 298cd0f503f578e0ca56d65b40e1d59e 3060476 web optional roundcube_1.3.17+dfsg.1-1~deb10u6.debian.tar.xz deeada5710a0fdba35a732b22cce0900 9509 web optional roundcube_1.3.17+dfsg.1-1~deb10u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZwJBkACgkQ05pJnDwh pVKf9BAAwvPlapvGOZ9k+2+zqj8VCpBodM0U5/7C1KDMUygyVmiN73/9o0p67OVE ibnjwD5rZpxd1L3T0NFTzXxfiAZ5TRK5ohAhQZvbi54bhwf9oc2PP/CC0VOFYPtd 7uLOjPXwp71FVi/S1DnPHxndoZWsisjNIkRdwzJDhxlZVylFI9t1MdeGeWYLb1r0 d8hxIk7CpyBQZzyv+mks7HlgS3JVdZHIJp+4ldN52bNQKpK7IVkhvHVc4MxuNwk3 nTZXShMjz6ByOI4tyKRGf1sMuG3SN2WHJ8JX5aA23bMDoEtICJ2ipXPfqfAYFwSy f9h6glWWb/vKqSiyl4zjFUJdmDofa3mRGGlmVSqAlvnJcZnAKKCvzuCw2+++PpIg Du4mYxaoIb8JZlxDUblnuXuzpZau9OUJx7TMkFp9kk5butCJWJDyrEqT+aA1cZK8 RXgj2l5JaIZQV5PsfvxILlUogsrugwq2+fm+jBbVi+o1iIw7minK4ataRxaMLqeX fr14vMgPKqL3nG+/ovB+V9COAat9vauXOexdBFI2Ldut7bE+k15nYVR0YFEUET/S sym9WgJ5bqki7qglL8gikAhB4n6O/m0wX9Yuy1GVYDLOtBxFiV7r1IBftXBCesli Tkynip6OdS3/ENJAUUUoX67bGKSRNqzEFhHNo8IxIVan1GvdTW8= =oRa0 -----END PGP SIGNATURE-----
