-
roundcube (1.6.2+dfsg-1ubuntu0.2) mantic-security; urgency=medium
* SECURITY UPDATE: Cross-site Scripting
- debian/patches/CVE-2023-47272.patch: Fix cross-site scripting
(XSS) vulnerability in setting Content-Type/Content-Disposition for
attachment preview/download
- debian/patches/CVE-2023-5631.patch: Fix cross-site scripting (XSS)
vulnerability in handling of SVG in HTML messages (#9168)
- debian/patches/CVE-2024-37383.patch: Fix cross-site scripting
(XSS) vulnerability in handling SVG animate attributes
- debian/patches/CVE-2024-37384.patch: Fix cross-site scripting
(XSS) vulnerability in handling list columns from user preferences
MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-
Transfer-Encoding: 8bit
- CVE-2023-47272
- CVE-2023-5631
- CVE-2024-37383
- CVE-2024-37384
-- Allen Huang <email address hidden> Thu, 20 Jun 2024 11:48:48 +0100
-
roundcube (1.6.2+dfsg-1ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2023-43770.patch: Fix cross-site scripting (XSS)
vulnerability in handling of linkrefs in plain text messages
- CVE-2023-43770
-- Nishit Majithia <email address hidden> Fri, 23 Feb 2024 10:31:46 +0530
-
roundcube (1.6.2+dfsg-1) unstable; urgency=medium
[ Amin Bandali ]
* Test suite: Adjust short date test to make it work with all ICUs.
(Closes: #1030161)
[ Remus-Gabriel Chelu ]
* Add Romanian debconf templates translation. (Closes: #1033468)
[ Guilhem Moulin ]
* New upstream bugfix release.
* d/gbp.conf, d/README.source: Remove obsolete comment.
* d/sql/mysql/1.3.0-1: Move inline comment.
* d/p/fix-short-date-test-icu72.patch: Remove patch applied upstream.
* Refresh patches.
-- Guilhem Moulin <email address hidden> Sun, 02 Jul 2023 11:54:33 +0200
-
roundcube (1.6.1+dfsg-1ubuntu1) lunar; urgency=medium
* Test suite: Adjust short date test to make it work with all ICUs.
(Closes: #1030161)
-- Amin Bandali <email address hidden> Wed, 01 Feb 2023 10:03:55 -0500