-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Dec 2025 09:22:00 +0100 Source: roundcube Architecture: source Version: 1.4.15+dfsg.1-1+deb11u6 Distribution: bullseye-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1122899 Changes: roundcube (1.4.15+dfsg.1-1+deb11u6) bullseye-security; urgency=high . * Backport upstream security fixes from v1.5.12 (closes: #1122899): + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate tag. + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML style sanitizer. * Fix bug where title tag content was displayed in the body if it contained HTML tags. Checksums-Sha1: 7ec665e7e693bec00e568d1bcc079502d8e29386 3276 roundcube_1.4.15+dfsg.1-1+deb11u6.dsc fb0b5deacca5863d37a0b10c3771f27c91d4545e 128840 roundcube_1.4.15+dfsg.1.orig-tinymce-langs.tar.xz a53c61b8ec041aa5a15be0da438a990a34acc072 889052 roundcube_1.4.15+dfsg.1.orig-tinymce.tar.xz a3591df13cae970b04c53651221f316ba521c473 2976560 roundcube_1.4.15+dfsg.1.orig.tar.xz 0dca07dab6dcec5bd18dda7a1f35d9a69b25fc69 113796 roundcube_1.4.15+dfsg.1-1+deb11u6.debian.tar.xz a13cf7b25da2b6ec5b7201dc5080ee920a677972 5943 roundcube_1.4.15+dfsg.1-1+deb11u6_source.buildinfo Checksums-Sha256: f91bc4d98d7f74660843904ae4cea8ec829d77f8ba8e2268a8a6c73784628813 3276 roundcube_1.4.15+dfsg.1-1+deb11u6.dsc d1806e62b75b5e2c8bbbce987abd3eae874f205dd560ad8f6f02a2171c8cf23a 128840 roundcube_1.4.15+dfsg.1.orig-tinymce-langs.tar.xz b61678512254fc2af25a42ac689ac6df69bdf6d15d7aea6e9001c8868653ee74 889052 roundcube_1.4.15+dfsg.1.orig-tinymce.tar.xz f56e664cddb698cf0eeefb1a34dd495ce0e6d29643b2e2ec0ae5cb9c6342882f 2976560 roundcube_1.4.15+dfsg.1.orig.tar.xz 60f08f3a8c783af25a80d0358a92b0dde78a01bd58c0aeb7f161f13323f84559 113796 roundcube_1.4.15+dfsg.1-1+deb11u6.debian.tar.xz 6ecb01975aedfda51c9c4384b2a026524db809f48146d30791ec85a1817ed296 5943 roundcube_1.4.15+dfsg.1-1+deb11u6_source.buildinfo Files: 67107cebfa9031bc0d6b67bd0329f0cd 3276 web optional roundcube_1.4.15+dfsg.1-1+deb11u6.dsc 450c693c68d2642b15356d06255a0d4c 128840 web optional roundcube_1.4.15+dfsg.1.orig-tinymce-langs.tar.xz 5b440fff53353d7c0ad73292c1cfe6e2 889052 web optional roundcube_1.4.15+dfsg.1.orig-tinymce.tar.xz e98d3d252094ea231c3b02a3ff39471a 2976560 web optional roundcube_1.4.15+dfsg.1.orig.tar.xz d6069f32640e98a05cd0ca8216a3816f 113796 web optional roundcube_1.4.15+dfsg.1-1+deb11u6.debian.tar.xz 80d8f87ac2b8e1250a7b9fbff2866f83 5943 web optional roundcube_1.4.15+dfsg.1-1+deb11u6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmlD+5YACgkQ05pJnDwh pVJ1+xAAlC2ESL7wSPWfJOnzWPz3dFw+lMSnBMpuWaZSo032FxSQIgm5bp0WcwaO vAnooxrtYsrGRPuoYVDna6p9Hegcnh113CKYFUGeb/HMieiSzTzw/vcDi/bsDWsx HRfChg89LnsLlxhA78zNS/NniqiT+A9NlnRQZkUMJ6qcgbjvHNQ3VAZ99KyNfvLE F02ImnhPkMteDewiyTjawKJ2b0w/PzgPRVCGykzNbUBCV+7eAX1UQL3MTa1aEBPa pkyXGvzMpT0n4DdQgnK/Bf5KMm/OB3WZZnlAa8VJwc5+e/7YFeEzyrR0bxLtO9z/ waV2IMUlT7IUsAZ51CeN4ZxjCqsiapvlOxtQxH1U3G/SlMxBvwz11rNAD3nBXELp bZrl6xZZd3nhKC5NGlvF2kJ1hLMymBHztAk94FhE56nKS3g1BuZGQeDASNhl+d1E hz3gkq2TkOM8slErE59gT0B9xDPs6qFh6jQdGZsd1afI5S2XeX3Lr0CYEl/pqP4Y +qvMlUTr7q/XR4+/L92sib5a+6sN8gr/TCwAckdTG1B1gWU4v1BloP+ZBFnTub4j PNp9ccd3km6mIsZ5l4UUETGraX1UOTOBjVOANHYZz9o7kQBs1jTb1smrhYrRe8O/ o3lcUpy070Xi5+rE0VjIatdjcqBiYTAH/ctgoMNRJPxjHoVAN2g= =kwRH -----END PGP SIGNATURE-----
