-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Apr 2018 01:51:56 +0200
Source: roundcube
Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins
Architecture: source all
Version: 1.2.3+dfsg.1-4+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 roundcube  - skinnable AJAX based webmail solution for IMAP servers - metapack
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - metapackage providing MySQL dependencies for RoundCube
 roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube
 roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins
 roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube
Closes: 895184
Changes:
 roundcube (1.2.3+dfsg.1-4+deb9u2) stretch-security; urgency=high
 .
   * Backport fix for CVE-2018-9846: When the archive plugin is enabled and
     configured, it's possible to exploit the unsanitized, user-controlled
     "_uid" parameter to perform an MX (IMAP) injection attack.
     https://github.com/roundcube/roundcubemail/issues/6238
     (Closes: #895184).
   * Backport fix for CVE-2018-1000071: Insecure Permissions vulnerability in
     enigma plugin that can result in exfiltration of gpg private key.
     https://github.com/roundcube/roundcubemail/issues/6173