-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Dec 2025 09:10:17 +0100 Source: roundcube Binary: roundcube roundcube-core roundcube-mysql roundcube-pgsql roundcube-plugins roundcube-sqlite3 Architecture: all Version: 1.6.5+dfsg-1+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: all Build Daemon (x86-csail-02) Changed-By: Guilhem Moulin Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Closes: 1122899 Changes: roundcube (1.6.5+dfsg-1+deb12u6) bookworm-security; urgency=high . * Cherry pick upstream security fixes from v1.6.12 (closes: #1122899): + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate tag. + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML style sanitizer. Checksums-Sha1: 7dea95a87472bd8645e3c0b2eed55537899b304f 4698540 roundcube-core_1.6.5+dfsg-1+deb12u6_all.deb d7c88f64dfc37454edcf64bb9fb73aef5caf67dd 95448 roundcube-mysql_1.6.5+dfsg-1+deb12u6_all.deb 6102ebf2a37db791cec0d065f722b52cc6de92b2 95428 roundcube-pgsql_1.6.5+dfsg-1+deb12u6_all.deb a8e0b51aded4d876d23e520f9f40e626c3a9fcf8 777056 roundcube-plugins_1.6.5+dfsg-1+deb12u6_all.deb f2a6c4f5f79a5886cc86b2137f7c276ca887d939 95404 roundcube-sqlite3_1.6.5+dfsg-1+deb12u6_all.deb 1e0f06d23012791f31d07638b68605a44a385973 14074 roundcube_1.6.5+dfsg-1+deb12u6_all-buildd.buildinfo 1a34dd2bc67fc131f90f6a25a94b7ae1f3ad117f 1292 roundcube_1.6.5+dfsg-1+deb12u6_all.deb Checksums-Sha256: 6c0169617e788d2ff74e68c0b9454dc1f0a779ae3a26c85f8bfa7ecf1263cecd 4698540 roundcube-core_1.6.5+dfsg-1+deb12u6_all.deb 41d91b047bb7f266d6a43d584512723f3b4f024e1951d1fe4cca2e4401e4cd30 95448 roundcube-mysql_1.6.5+dfsg-1+deb12u6_all.deb 05c584aabc4f77523dae2bb89a4805d212be200a838c1102bb524f59e9723368 95428 roundcube-pgsql_1.6.5+dfsg-1+deb12u6_all.deb 4f29d1803b2bc87cf3386c7ff4b24fda350614f0031b1ee3e796d7af6ad081ab 777056 roundcube-plugins_1.6.5+dfsg-1+deb12u6_all.deb 00d9ad2a4a9cc824d431a9723843391f8a1aa4758614dec714996df276c988df 95404 roundcube-sqlite3_1.6.5+dfsg-1+deb12u6_all.deb 50ab7df6bf9e495f514da25f31e97620a00d7643d22d473f3708953ce7903b5e 14074 roundcube_1.6.5+dfsg-1+deb12u6_all-buildd.buildinfo f68820d1ffbf933d54a6dbde951ed6117ccba937c49aca5184d9635abee57082 1292 roundcube_1.6.5+dfsg-1+deb12u6_all.deb Files: be991054024c37a6ac8619d16e3a7f14 4698540 web optional roundcube-core_1.6.5+dfsg-1+deb12u6_all.deb def9818f75bc6862c349a954a3e5522b 95448 web optional roundcube-mysql_1.6.5+dfsg-1+deb12u6_all.deb 07816e493abbc490d1d301c55daecf95 95428 web optional roundcube-pgsql_1.6.5+dfsg-1+deb12u6_all.deb 235656c38eff5961e72b0b8c70c3ecf0 777056 web optional roundcube-plugins_1.6.5+dfsg-1+deb12u6_all.deb c8b6ef897331b007ca79fb433577ea4c 95404 web optional roundcube-sqlite3_1.6.5+dfsg-1+deb12u6_all.deb 13de1971c44032587367fe6f12a57e7e 14074 web optional roundcube_1.6.5+dfsg-1+deb12u6_all-buildd.buildinfo daa8205a086285dcbec95d79190c63db 1292 web optional roundcube_1.6.5+dfsg-1+deb12u6_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmlEeVEACgkQx30Wh8LX l/Y71Q/+OL7BA3f7BKwGSSx66q+AYR007NUFTTQoWmUUdk2jRuB1J8Kcwt8cFwHM eVRTJpT25tnkvQpAdy8mEDs+9wRXORIKeDAXUKTLpYFX0lVqvAjRO9GSXBFrGkpL TN1uKQmOe4plhk43nIQ1beS2DbZbFUFoRHFCIOnzARfVVSSzBAi0uSVOL2AEQkHQ sDH80YCB1mfknRCsy3eR0L/itX4cWgCzhzhQjWdkqu6GYM1pfLprx7CX8STs4yYK 55NaQbFJAghbIdZgqh8SF6ik30rsp/ie/ZVMSX3voniMXvt5oa4INV26GgPEBhET D37C4wuZZYlWiBvPEH+Yl53kReI7ltDYkePGYCHGg9uDozX2a047DRVc4x0kljPZ 8Tmzv/dEMlSooMdFosGpgYL2rrlT6/LEdTCz6Zl1uwTREsG8P646uFSpN5Y/XaV7 dZ+sDH1XNvvT6GqGhULTl1pt9/KX6CZV9aynVz+Ycb4nrt7X8tVU6RHYt/JzgjEx 5ZwxYpmo16EgBRXTndG+Z7XoKObv2taM0nag7uwvJ/JRACh4pccrd6VuVRvpwYyF D7xpzSb5xqapNYkFrF3kGFUSICbLd2kikmz2T6DvNAyf/MjSvYJjTZbp1QfSiNuO XDj4MPuxOrwEOrOYthPcsoX11HCGnfWdPwRRR8iCpycNDpnz1qo= =b4wc -----END PGP SIGNATURE-----