Accepted roundcube 1.4.12+dfsg.1-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Nov 2021 20:07:03 +0100
Source: roundcube
Architecture: source
Version: 1.4.12+dfsg.1-1~deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1000156
Changes:
roundcube (1.4.12+dfsg.1-1~deb11u1) bullseye-security; urgency=high
.
* New bugfix/security upstream release (closes: #1000156), with fixes for:
+ CVE-2021-44025: XSS issue in handling attachment filename extension in
mimetype mismatch warning; and
+ CVE-2021-44026: possible SQL injection via some session variables.
* d/gbp.conf: Rename upstream branch to upstream/release-1.4.
* d/salsa-ci.yml: Set RELEASE=bullseye.
* Refresh d/patches.
Checksums-Sha1:
c33d720d130bedec22e7defb1ffb5156cf95801e 3273 roundcube_1.4.12+dfsg.1-1~deb11u1.dsc
25701f11c971057a6052d02b264f731d15ae42c0 128880 roundcube_1.4.12+dfsg.1.orig-tinymce-langs.tar.xz
e6ed8e54e92f75a8101f63b302b42850e980df17 889096 roundcube_1.4.12+dfsg.1.orig-tinymce.tar.xz
fa176ba23daba11d93f33c19ba032c34964ffa55 2975816 roundcube_1.4.12+dfsg.1.orig.tar.xz
688b741b08dda371f6560253359a0f79ad402a1f 90680 roundcube_1.4.12+dfsg.1-1~deb11u1.debian.tar.xz
fb605b4bad52ad2b359a1c0339b0f7c4cbdf40a1 10569 roundcube_1.4.12+dfsg.1-1~deb11u1_amd64.buildinfo
Checksums-Sha256:
6950c6c5f036491c7cdc4d84d3c9044d66966f0be3d75d8636d6bbde336f54fc 3273 roundcube_1.4.12+dfsg.1-1~deb11u1.dsc
a6f44d06ba61e74fa384979d1ba619c368c354b9fd0bfc3c29456cfc9c588c8d 128880 roundcube_1.4.12+dfsg.1.orig-tinymce-langs.tar.xz
2b7e4aba38dcecb8cc7c6d7fa02d9d6b2e2650e9893a66aa3292f84896d1a7e3 889096 roundcube_1.4.12+dfsg.1.orig-tinymce.tar.xz
dba4dc8f04df07cede2916fd49769c99319b363618c9133971e89c41577ee8ca 2975816 roundcube_1.4.12+dfsg.1.orig.tar.xz
57cb8f890dd6faef5a977b19717f54743f3e02dc2c12fa5ae5ba408baaa33ba8 90680 roundcube_1.4.12+dfsg.1-1~deb11u1.debian.tar.xz
667d793f43335c822512dcf5e0d5dca527fe14c98e44c0ab52f5f57f52e91a4c 10569 roundcube_1.4.12+dfsg.1-1~deb11u1_amd64.buildinfo
Files:
400526b83be62a7e8f0061c3fbc2d98f 3273 web optional roundcube_1.4.12+dfsg.1-1~deb11u1.dsc
b075acfd823355091c04e2c7b7951d8b 128880 web optional roundcube_1.4.12+dfsg.1.orig-tinymce-langs.tar.xz
32f04b2b9f2f35d90f6abbfab11562d5 889096 web optional roundcube_1.4.12+dfsg.1.orig-tinymce.tar.xz
6964008a52cdb08fff4f2de2ec47f98c 2975816 web optional roundcube_1.4.12+dfsg.1.orig.tar.xz
1675d5af5953c47895f4501b243d995b 90680 web optional roundcube_1.4.12+dfsg.1-1~deb11u1.debian.tar.xz
f0ec8c5912b42f21896284542162240b 10569 web optional roundcube_1.4.12+dfsg.1-1~deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmGfh7kACgkQ05pJnDwh
pVLjMw//YG/RfMZ4d2bmnVnHIgKGXb2PpCRDfsR7/zSGmU1hiZXL1hinq5aynH8w
6AnbdYumv22HMxFkxDL+BWVNuhMGyEqaZ9j9RggybkyKlavVQjAWqIiC/WVlRQzf
VJFoxb9s4iHCK4WpROVvSSV0pKHXlyhjHPO1kIqFlNh4Kmg1t3MnFI70oU9zzEIU
nPF3Z0/ze6PowWb98m+45paPjU1ywYwG67/xALIYfG+laN0hpqaBli/6Um0pMtHJ
3CVpussv90FzewYMQBGNqHfxfv3kgIRkAYG0b/pEKYeYGSIJ7Jmlq2UbabLdy6NR
yDaI+w7ANufIHvyp/Vsnrz9J4krf98DVs78BQ+FRd2znv1dO8ql9eaImw54tdzOz
A6Aith8a8bQch5idm8jt1rQh4fK3hmH+5namZmDdFFBhb+Bs37DqaUUKAzRQDfHc
i2x2mUjQqYmDRMpoip0bKfajH+trcHDuMDjQt4SjdRG5j9U9JhK8KYElU7k+xXbO
Nw/1JRU2RkKUEovUhgRYWGK9xtrJRr1Llqnrnf/bKzXEHUOg4tEfm4rT2Bd6BcPr
p0w48aN+XxVgkmiFFIU0bwoVC1gktbyKr6178lJ15gawC6OiK1MEL4tLHvpA31jm
3bFvp6oW5AoZHL2YrYXtM0jjf4qcbS8mckOu1BRsqwEaNNYa5OY=
=MK5a
-----END PGP SIGNATURE-----