• Accepted roundcube 1.6.5+dfsg-1+deb12u3 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Aug 10 19:40:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 06 Aug 2024 16:02:54 +0200
    Source: roundcube
    Architecture: source
    Version: 1.6.5+dfsg-1+deb12u3
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
    Changed-By: Guilhem Moulin <guilhem@debian.org>
    Closes: 1077969
    Changes:
    roundcube (1.6.5+dfsg-1+deb12u3) bookworm-security; urgency=high
    .
      * Cherry pick upstream security fixes from v1.6.8 (closes: #1077969):
        + CVE-2024-42008: Cross-site scripting (XSS) vulnerability in serving of
          attachments other than HTML or SVG.
        + CVE-2024-42009: Cross-site scripting (XSS) vulnerability in
          post-processing of sanitized HTML content.
        + CVE-2024-42010: Fix information leak (access to remote content) via
          insufficient CSS filtering.
      * Cherry pick further upstream changes from v1.6.8:
        + Fix fatal error when parsing some TNEF attachments.
        + Fix bug where an unhandled exception was caused by an invalid image
          attachment.
        + Fix infinite loop when parsing malformed Sieve script.
        + Fix bug where imap_conn_option's 'socket' was ignored.
    Checksums-Sha1:
    745d8202211278dff06f4206d06f9a62e1929c8a 3833 roundcube_1.6.5+dfsg-1+deb12u3.dsc
    ab7db7a6805b1892ece174c3ea011df9c0c607ca 119360 roundcube_1.6.5+dfsg-1+deb12u3.debian.tar.xz
    fc151fed1d0261a1d752380fc32aa35acc6b6dff 14215 roundcube_1.6.5+dfsg-1+deb12u3_amd64.buildinfo
    Checksums-Sha256:
    05dc579c8ae58dcde33c90501eada1b259ce5faefa2357cdf1cdb6a8d51a946f 3833 roundcube_1.6.5+dfsg-1+deb12u3.dsc
    e8a60d68e4def4ce034aca3dc3fd59f67185a98f408329155565985e7d638e6f 119360 roundcube_1.6.5+dfsg-1+deb12u3.debian.tar.xz
    29acd0c922ffde454739088d88f13a17fadb48a200a341bab0e1f7ccd784f44e 14215 roundcube_1.6.5+dfsg-1+deb12u3_amd64.buildinfo
    Files:
    061ad7c1808273d438dfc7f77d953135 3833 web optional roundcube_1.6.5+dfsg-1+deb12u3.dsc
    db41a1315aea78b3c2300192b7e878cd 119360 web optional roundcube_1.6.5+dfsg-1+deb12u3.debian.tar.xz
    d2ae2bb5c4b6ba9788a72de5d92f4a3e 14215 web optional roundcube_1.6.5+dfsg-1+deb12u3_amd64.buildinfo

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)