-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 17 Jun 2024 03:15:26 +0200 Source: roundcube Architecture: source Version: 1.6.5+dfsg-1+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1071474 Changes: roundcube (1.6.5+dfsg-1+deb12u2) bookworm-security; urgency=high . * Fix CVE-2024-37384: Cross-site scripting (XSS) vulnerability in handling list columns from user preferences. (Closes: #1071474) * Fix CVE-2024-37383: Cross-site scripting (XSS) vulnerability in handling SVG animate attributes. (Closes: #1071474) Checksums-Sha1: e8cc80b71eec63b0c2b5e7cf27ef41095b848a76 3833 roundcube_1.6.5+dfsg-1+deb12u2.dsc 511d1e49430325080dee0f0609867a51fcab751c 106828 roundcube_1.6.5+dfsg-1+deb12u2.debian.tar.xz 2df601443d160f778975f368253fbf10f09339f5 14186 roundcube_1.6.5+dfsg-1+deb12u2_amd64.buildinfo Checksums-Sha256: c6bed34b68f5a2fd74a5c4c64b9bf3a95dc62f5d5fa2e9f605dac9d07cdb21f2 3833 roundcube_1.6.5+dfsg-1+deb12u2.dsc 3e280f45ad975ccd4c76f906855fd8fefd7002be6e5f9a0ef9840a9d5b867649 106828 roundcube_1.6.5+dfsg-1+deb12u2.debian.tar.xz 761cebd71c64793cefe4159d6f60c8cbe12145890fa2041ec356708730bbcaef 14186 roundcube_1.6.5+dfsg-1+deb12u2_amd64.buildinfo Files: 4c648a484d1ee9ad0977f4055bec949f 3833 web optional roundcube_1.6.5+dfsg-1+deb12u2.dsc 14ad2cf851fdde3afdbc48bf3684bc43 106828 web optional roundcube_1.6.5+dfsg-1+deb12u2.debian.tar.xz 798b6b0dca335cac47318759530cb99d 14186 web optional roundcube_1.6.5+dfsg-1+deb12u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZvj40ACgkQ05pJnDwh pVIgyg//fwcu1k3CSbSchs11IY2RbQ03W+F6Mx5u5moiq+Fm/hkZLsHnGTGyGC3R oySkMMV05qltwTEDZp5KVqlMfXPb1oYzioWq0BuodFOw3N6hi2MiEVe2sh/g2+n8 15WcLM1i4egkodL15/fu7qE+3spHXxvSoGta7wP3tdmZMuVXEpblpwisLs1Yo/oD aBqMapAWH68eERksYBczh3Q5w48TUQltj2SY1R1sOoJmZwLiGCgXTlXEYdhQEPcP U5HO4YHP6v17wAPwPRHkbDtCeII3qfN1VzErL91qX/d9H6pf4wmsoc8MaQIYjhxX WcSWRGMCtJWdhWBpDWHrm/67bdwEgJ0rcfzgvrjdq6jzJLjsNq9ZuTFXQxWCsMGb wD8qPe/ZHEmOSw8YUw8glcTgbCDCspVYs9WqBHpyC+5pwNSL5bHQbK578/5vWdwP Qmi1vsnnRVYqBpyZWab542fO7uTMQ9ufuCP+r7mQPK9YIu3ulKEpa4V7lQo1dqKS 82KkJ0LZjf3cqGDJgHZrzr7Y+iie1DWRLLfE9THH6HrO6+Y9USaXfFbbU36yp2UF DboLbUVGOzzKZxXPA9k3F0x1OrHFuZwslECvpc9/B2SU7cvwFvYxz5G4loMl3EcD UyX8TKnwJAKSjV+Rp9KPT/kYp9oaQJDVlMheviYr5zHaIqszrbY= =GvvK -----END PGP SIGNATURE-----