-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 05 Aug 2024 11:31:31 +0200
Source: roundcube
Architecture: source
Version: 1.6.8+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1077969
Changes:
 roundcube (1.6.8+dfsg-1) unstable; urgency=medium
 .
   * New upstream bugfix and security release (closes: #1077969):
     + Fix fatal error when parsing some TNEF attachments.
     + Fix decoding mail parts with multiple base64-encoded text blocks.
     + Fix infinite loop when parsing malformed Sieve script.
     + Fix bug where imap_conn_option's 'socket' was ignored.
     + Fix CVE-2024-42008: XSS vulnerability in serving of attachments other than HTML or SVG.
     + Fix CVE-2024-42009: XSS vulnerability in post-processing of sanitized HTML content.
     + Fix CVE-2024-42010: Fix information leak (access to remote content) via insufficient CSS filtering.
   * Refresh d/patches.