-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 17 Feb 2026 10:37:11 +0100 Source: roundcube Architecture: source Version: 1.4.15+dfsg.1-1+deb11u7 Distribution: bullseye-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1127447 Changes: roundcube (1.4.15+dfsg.1-1+deb11u7) bullseye-security; urgency=high . * Backport upstream security fixes from v1.5.13 (closes: #1127447): + Fix CVE-2026-26079: CSS injection vulnerability. + Fix CVE-2026-25916: Remote image blocking bypass via SVG content. + Improve fix for CVE-2025-68460. Checksums-Sha1: 20ddec431a265607d419d7cd0ed334c8bb64eaa5 3276 roundcube_1.4.15+dfsg.1-1+deb11u7.dsc fb0b5deacca5863d37a0b10c3771f27c91d4545e 128840 roundcube_1.4.15+dfsg.1.orig-tinymce-langs.tar.xz a53c61b8ec041aa5a15be0da438a990a34acc072 889052 roundcube_1.4.15+dfsg.1.orig-tinymce.tar.xz a3591df13cae970b04c53651221f316ba521c473 2976560 roundcube_1.4.15+dfsg.1.orig.tar.xz 888acffd3df595984774a05bf3ec1753e39ab52b 115648 roundcube_1.4.15+dfsg.1-1+deb11u7.debian.tar.xz d8be55460e7ceaffb7da146939be495ea5962c75 5872 roundcube_1.4.15+dfsg.1-1+deb11u7_source.buildinfo Checksums-Sha256: 7a1d1ac806d8cf3001f50596ded0828dff8725c95f32235b116b58113b90d9a2 3276 roundcube_1.4.15+dfsg.1-1+deb11u7.dsc d1806e62b75b5e2c8bbbce987abd3eae874f205dd560ad8f6f02a2171c8cf23a 128840 roundcube_1.4.15+dfsg.1.orig-tinymce-langs.tar.xz b61678512254fc2af25a42ac689ac6df69bdf6d15d7aea6e9001c8868653ee74 889052 roundcube_1.4.15+dfsg.1.orig-tinymce.tar.xz f56e664cddb698cf0eeefb1a34dd495ce0e6d29643b2e2ec0ae5cb9c6342882f 2976560 roundcube_1.4.15+dfsg.1.orig.tar.xz 77a7095579ee4457865394dfab04221979d6e6b83716e7a28643adff412b2980 115648 roundcube_1.4.15+dfsg.1-1+deb11u7.debian.tar.xz cba57b1b76fbc6a1154be066ab21e66b3e61aec7fa8beebe878744cc94131325 5872 roundcube_1.4.15+dfsg.1-1+deb11u7_source.buildinfo Files: ae57fb010a73916975a9f3251dbb643e 3276 web optional roundcube_1.4.15+dfsg.1-1+deb11u7.dsc 450c693c68d2642b15356d06255a0d4c 128840 web optional roundcube_1.4.15+dfsg.1.orig-tinymce-langs.tar.xz 5b440fff53353d7c0ad73292c1cfe6e2 889052 web optional roundcube_1.4.15+dfsg.1.orig-tinymce.tar.xz e98d3d252094ea231c3b02a3ff39471a 2976560 web optional roundcube_1.4.15+dfsg.1.orig.tar.xz dcacc69a4b5700df0006fe245abf8a42 115648 web optional roundcube_1.4.15+dfsg.1-1+deb11u7.debian.tar.xz 2addfdefbcfcab05e457b13acdd2727d 5872 web optional roundcube_1.4.15+dfsg.1-1+deb11u7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmmURIIACgkQ05pJnDwh pVIkyhAAlbI07N8mz144C7r5+Wt4UL4eKVKA3dJ49vphuVtaBKlwIkZjpdRWXR1A YChKwFeYayGAea1rXa3kYu9/RQ/qMgMRj0pKuPeyHJ6g4wd2K16kCwifxwj0BEKs KEoH8BWpnPNPxCWdVoE0O4uErXKBHjSqHSALbywkUQHjkHDbS4BNYn9nSlWgAMF+ 3GRabbCIPk5EQ6biN2pVzF/IXeI+MgjZjFWFlcrAlnliyCgzl/gJVuJc/UbiMQkp wIlJ7kXtRMVxXVF0fVnQOG3MZqThsscPF0D1q98x5gZWlGZ1Vnj5M4TD9RschgeZ 0mCfB2cqWJP+XxMKHxZEvuNTPF0MSAtFyoAVOYGWFM4MIN+8pHeCxPFiDfg5CAyp my/WTIejO++srUepbnE0yRhRmYHONt/vAfphnZfw2Bg3wjAG3+X5VJqWrqT4P0VA 7m/CX55zEucbH2qJ1gSgKsDNJpt+OiEhM91c/q8F/ssCLRmfogosP469Py3rULE6 J+HMT0+xZCVRPZngp7vjZoGYxF9bG14bOzNl29p5JSCk9RHgrVNmuGOTqxzoMDlF 7MCF8CgwUkslzvAfu9KqHAGn0dL5ZLvdM5tmN9o18aGWoG7ZJl7bt9MIKkNASM4K 6gUdBWAWdeeF+1GJ9eQ44TV7uUYqXLHSXLu1WVcHkfoehJB+5h8= =netn -----END PGP SIGNATURE-----
