-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 17 Jun 2024 04:10:38 +0200 Source: roundcube Architecture: source Version: 1.4.15+dfsg.1-1+deb11u3 Distribution: bullseye-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1071474 Changes: roundcube (1.4.15+dfsg.1-1+deb11u3) bullseye-security; urgency=high . * Fix CVE-2024-37384: Cross-site scripting (XSS) vulnerability in handling list columns from user preferences. (Closes: #1071474) * Fix CVE-2024-37383: Cross-site scripting (XSS) vulnerability in handling SVG animate attributes. (Closes: #1071474) Checksums-Sha1: 63537f4308ec2fea363281fc8cca725d7b673449 3273 roundcube_1.4.15+dfsg.1-1+deb11u3.dsc 9c9758bf5abc09cad5493589bcbe37b6065ad67b 99048 roundcube_1.4.15+dfsg.1-1+deb11u3.debian.tar.xz 23bc01f4d1d47aeba4acfd4efa1fe2b9f687cf52 10856 roundcube_1.4.15+dfsg.1-1+deb11u3_amd64.buildinfo Checksums-Sha256: 298482d58d7959aa3d24ed6c794dd46e6b81be2393297372fc568bc0892f958c 3273 roundcube_1.4.15+dfsg.1-1+deb11u3.dsc 8961ad4d22bdd8fd3e5794ab1e6dcf6b3304a041e158e282aff336fee1d3bcb4 99048 roundcube_1.4.15+dfsg.1-1+deb11u3.debian.tar.xz cfec233c743053217a84f65c7561a4b3bd930d2946c1b06cb066fd8c387f3bd0 10856 roundcube_1.4.15+dfsg.1-1+deb11u3_amd64.buildinfo Files: 2877a20877ca35acae6a1f14978ac45e 3273 web optional roundcube_1.4.15+dfsg.1-1+deb11u3.dsc a537c5a274f48383fba4a276f5c603c0 99048 web optional roundcube_1.4.15+dfsg.1-1+deb11u3.debian.tar.xz 730de6ea9bfa896049b9dde3e249c594 10856 web optional roundcube_1.4.15+dfsg.1-1+deb11u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZvnWcACgkQ05pJnDwh pVLMNg/8DiFNGDh+jyVE+G0ehwpJjx69LeHyCnfGQkZVuK/gAhoR6V1SNOo/8MMW fkKnRpvKV6dOMWc4nH7hwUjYqqA1zC7/XGRXD7wIdK/QariGOkW2cw6VX0APQiE6 otMnWNfi/dN0csGfcJODchiSaDaFZhmTb6NkSPi3a++R9RydD9ZOiP2lAWMLdzCQ Xpz5sQEYz1qORBmjACjVGMFt5LC7EdDkbHk7SqU3SOk2D1E+niY/t0e+544898Uc 6mt7yl6IHuW5Jy6k/JSNv4BlTLYZRvesvu8T9VJEiyt0Rr42yQBmr2aweBvSAzBS sI+V1hh1AmEJ0cTWYA8uBe/Og87stw01FjcWgSXs4wayLVVeBDFbkmyS1lueSeg9 mM0Xxm11pxIoC87QB7J8zuRmve3uFQZu4KNC5ciY32dWghz0epy6FK0eY/CYZaI5 v5+6DOoRlL/XruQked45FAXHr3KjbvNCNUYFqijH+uv2Ip/R9dFqQMUHkd3aUJuJ GR0ZiaAUogsk3m+39zIx/KIAhgAV3lcp6GOK+WtLcQ0tHbGaQ/Hto0WJ5OSMdlwA RLEX1VMYWYgvPBk2UPqHT5wr4/Ya5R7OvDjWLDEtUwaUNEb+fSIEqh3Oiff2hNZq Ue+odix8HQXLUjdzXh4Ums7QRlVXmiXD5mjcEmsxHc04ti5g3+I= =duMs -----END PGP SIGNATURE-----