-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 06 Sep 2016 15:52:01 +0200 Source: roundcube Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-plugins Architecture: source all Version: 0.7.2-9+deb7u4 Distribution: wheezy-security Urgency: high Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins Closes: 775576 776700 822333 Changes: roundcube (0.7.2-9+deb7u4) wheezy-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2016-4069: Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that download attachments. Closes: #822333 * CVE-2014-9587: Multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to address book operations or the ACL or Managesieve plugins. Closes: #775576 * CVE-2015-1433: Cross-site scripting (XSS) attacks via the style attribute in an email due incorrect string quotation logic. Closes: #776700 Checksums-Sha1: 357a56d4b7c6ab4cbfa77537791e3fc8fc0ef50f 1901 roundcube_0.7.2-9+deb7u4.dsc ae14f0d8725ff2581f3cb177eac7e363ca297a0e 63765 roundcube_0.7.2-9+deb7u4.debian.tar.gz 7702ecd465b29d3bd2085f68e7b8e4f9e046089d 1027548 roundcube-core_0.7.2-9+deb7u4_all.deb f5a0998c63b36f20b124168fdad574db12d0532a 28322 roundcube_0.7.2-9+deb7u4_all.deb 672563abfb40ba511bad1121ae8fdb3e36c9c063 28270 roundcube-mysql_0.7.2-9+deb7u4_all.deb d455ab06b1d315bc7e954bdb0ee6328e691fb0ee 28268 roundcube-pgsql_0.7.2-9+deb7u4_all.deb cdbf95c2234b993d0593ab6382b56fae1de77039 325140 roundcube-plugins_0.7.2-9+deb7u4_all.deb Checksums-Sha256: 93a32f67247656374c906a0911643529f960511c2afb025f3c57608564122310 1901 roundcube_0.7.2-9+deb7u4.dsc 43230e9516b3bf3a8bf96153332ea37522c3e6fd9c060e853cd34d4a53ad6eec 63765 roundcube_0.7.2-9+deb7u4.debian.tar.gz 41ecbae2a9bd14289c4cebc78e84f996e01ef29792266d8678b13ad8cdbdb335 1027548 roundcube-core_0.7.2-9+deb7u4_all.deb a86d1d6ac13687b9f768ebdfe25670f6b1acee6fcbcb5619967671bddba3b475 28322 roundcube_0.7.2-9+deb7u4_all.deb 8269fe6cea3ec8a6e31e81ba7411c2297366084b823c3758aa66c6f028c8b0a1 28270 roundcube-mysql_0.7.2-9+deb7u4_all.deb 6bfe84dfe5e4d574af7a50a6f874f59d2a411f7b4e884f75bd74256a478fa948 28268 roundcube-pgsql_0.7.2-9+deb7u4_all.deb d52818f96c10e7623db553eb17ef6d7c79df64bfc1ea33e617dbe55846e31ffb 325140 roundcube-plugins_0.7.2-9+deb7u4_all.deb Files: 56c73730abf4cf31169f5ad0aa99d6ab 1901 web extra roundcube_0.7.2-9+deb7u4.dsc e64cf123c873214c6ecf09a48e424400 63765 web extra roundcube_0.7.2-9+deb7u4.debian.tar.gz eccec18f2e6723d4c25c71e916aedcc9 1027548 web extra roundcube-core_0.7.2-9+deb7u4_all.deb f60e12c5c9a67a4aa528fcfba6b41231 28322 web extra roundcube_0.7.2-9+deb7u4_all.deb 6f2dc9a956a22d8ac8e6741d25efba4a 28270 web extra roundcube-mysql_0.7.2-9+deb7u4_all.deb 7dca62772caf07a7cd13fbde7456dd9f 28268 web extra roundcube-pgsql_0.7.2-9+deb7u4_all.deb 3def5050a849859e3a12609143c97c78 325140 web extra roundcube-plugins_0.7.2-9+deb7u4_all.deb -----BEGIN PGP SIGNATURE----- Comment: Signed by Raphael Hertzog iQEcBAEBCgAGBQJX0S26AAoJEAOIHavrwpq5Q0IH/Ro6yAvUDY47En/fdwoUh3W8 GoNEO/U/+g2DsH/nBePxZ6Omnch2zTPB52AarQjVmeLyhi0Ln/p6sFM1yvSV5sFO GgqI+GVReWBmnWjUTMTn3X6pcqM0ojuUbp9y14C8osHWtQmqljZmUoQlOYzX5oTf F+RW6yF+gsvEZAPnP9So4blcMTdVvyl/RfVnMF8d41XykdIfKzJItZTAk+mkd6wL NeYZbyrVn/WEkjIZJRcpUVs9H0H04TqNftgHAe1omDyLBzncI32JGwhiGB3md/0p xUePdBTQ5Ne5LkKNA92iu0pny8iT0ih9opFWm81x3OMar5na4MHUj8hqVrTqNjw= =CbBG -----END PGP SIGNATURE-----
