-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 09:10:17 +0100
Source: roundcube
Architecture: source
Version: 1.6.5+dfsg-1+deb12u6
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1122899
Changes:
 roundcube (1.6.5+dfsg-1+deb12u6) bookworm-security; urgency=high
 .
   * Cherry pick upstream security fixes from v1.6.12 (closes: #1122899):
     + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate
       tag.
     + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML
       style sanitizer.
Checksums-Sha1:
 7f9334c0d8343928c6bef5cf9c9b577c8baa38d3 3833 roundcube_1.6.5+dfsg-1+deb12u6.dsc
 c5d5753d0b56acc070690e4a3faa8dad4cfd2895 122908 roundcube_1.6.5+dfsg-1+deb12u6.debian.tar.xz
 2db009416e3d9da8040c4d2cf7c45af5dee4625f 6276 roundcube_1.6.5+dfsg-1+deb12u6_source.buildinfo
Checksums-Sha256:
 defc01295b8f8ddce4d4991106b822f6feec092a3d8e09acb984ea27c42f6c6f 3833 roundcube_1.6.5+dfsg-1+deb12u6.dsc
 b2bfb2b954e7a96a1df08582374d0a5f6229161c73fad7dcbeb0fccdcf8d674f 122908 roundcube_1.6.5+dfsg-1+deb12u6.debian.tar.xz
 b00095ce407d281f6aa429ddf9ecbe9fc405bc79df5e89056ef95ab5cbf08e68 6276 roundcube_1.6.5+dfsg-1+deb12u6_source.buildinfo
Files:
 cd28e6c26a21bbed14ca848a782f0caa 3833 web optional roundcube_1.6.5+dfsg-1+deb12u6.dsc
 ffd59e03844d04e1c02c6a4e2a7b767f 122908 web optional roundcube_1.6.5+dfsg-1+deb12u6.debian.tar.xz
 8c06c00ae109272ce4e783929381eda8 6276 web optional roundcube_1.6.5+dfsg-1+deb12u6_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmlD830ACgkQ05pJnDwh
pVIjhA/9F5q5Rwe5qL32jmW03xQvvklMbFk5uqhiiXK1TtpfFfiQKDtInFkFUU7y
zq3ZpBAjiEXzcd8axztsrwUawddCwqBbs46joffL/nwITHrJd+1LJ/PszXXHLw4I
m19ykMyqDHzAHd8Fm7EBVypqXtPLVdQRRcKAkwY/OeVUM5vnrhd7p3brP6pRf0Th
j5/bU7EvJaOMtaKfGd0Ng9tQmF+P4XNZSKSIlb/nNSbseYg7P3nNXF1poiAlFUlS
lwgOHLpV1uEubVYIoiZ0uG4COjJX4VaywZIOEdXtrP6qcBvNTSRv8EH8EpOZ9Dx3
HjxwWpVRw9b5wVIszCHpjixgkgj81J8HCDHLzw3EYuZG5yeKYz4PYXPzUlWZQg5m
8Y9JfdQeb3R+umOqt12wSMrKzo2b4YWcb+mNuPxOUt8milwwutYZrVeAnIdi9PuO
eDckHeQnV18uzGDC+jfGT2/v7bEj3VuXfQX/bxAeFnjBnS8wPpngiKyo1fKDf89V
ez4+NlLh8x8QR1U/g5zOyqU0dbb5BnkFfde7I7AYOVvcgH0MqC1P8j28aNidboIC
/QyU6wWBtj0skYcjjXIFFwAfxmXAfy+t2WlmwtRxRvS2u+7+4MYXiSHal1AxSvqj
QaGoUXX8DU7i00mqXfGzaRVsXsUHD37LVGOQ5V7pFa+jHmWHZ30=
=YiDB
-----END PGP SIGNATURE-----