roundcube (1.6.7+dfsg-1) unstable; urgency=high
* New upstream bugfix and security release (closes: #1071474):
+ Fix command injection via crafted im_convert_path/im_identify_path
on Windows.
+ Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences.
+ Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes.
+ Fix PHP8 warnings.
* Update Standards-Version to 4.7.0 (no changes necessary).
* Refresh d/patches.
-- Guilhem Moulin <email address hidden> Sun, 19 May 2024 23:20:59 +0200