Back to roundcube PTS page

Accepted roundcube 1.2.3+dfsg.1-4+deb9u9 (source) into oldoldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted roundcube 1.2.3+dfsg.1-4+deb9u9 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 06 Dec 2021 17:20:14 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1muHew-00040Z-2j@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon,  6 Dec 2021 18:06:42 CET
Source: roundcube
Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins
Architecture: source
Version: 1.2.3+dfsg.1-4+deb9u9
Distribution: stretch-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 roundcube  - skinnable AJAX based webmail solution for IMAP servers - metapack
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - metapackage providing MySQL dependencies for RoundCube
 roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube
 roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins
 roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube
Checksums-Sha1:
 3ea4daa3dc03ddfd8c6fd3db0e76b224278cf6e9 2623 roundcube_1.2.3+dfsg.1-4+deb9u9.dsc
 a221df2e1a8b0c86ece11ff247afb46657145376 4451568 roundcube_1.2.3+dfsg.1-4+deb9u9.debian.tar.xz
 aa7dbc5294c9f518687a4990b757690064be30da 9620 roundcube_1.2.3+dfsg.1-4+deb9u9_amd64.buildinfo
Checksums-Sha256:
 ff8ed4af372a89862e2519916c9e41feb882b192c2a9c7467bc2e6093f6ff379 2623 roundcube_1.2.3+dfsg.1-4+deb9u9.dsc
 a7e0ac87e7d1e89f3a2d5d83182763d3206906c0f6eaa013c935d69bbfc7ec56 4451568 roundcube_1.2.3+dfsg.1-4+deb9u9.debian.tar.xz
 e789ed97bd7b7aa4e8416830ba7b16c49da1d9d306d74aecdee75d98e5150acd 9620 roundcube_1.2.3+dfsg.1-4+deb9u9_amd64.buildinfo
Changes:
 roundcube (1.2.3+dfsg.1-4+deb9u9) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-44025 and CVE-2021-44026:
     It was discovered that roundcube, a skinnable AJAX based webmail solution
     for IMAP servers, did not properly sanitize requests and mail messages.
     This would allow an attacker to perform Cross-Side Scripting (XSS) or SQL
     injection attacks.
Files:
 ee11b1378dfbbb3208ac0f803c76a5bc 2623 web extra roundcube_1.2.3+dfsg.1-4+deb9u9.dsc
 5bb98736674113ea27bc21a266cb407c 4451568 web extra roundcube_1.2.3+dfsg.1-4+deb9u9.debian.tar.xz
 973119c2d4c7c0bef04718a841f73b29 9620 web extra roundcube_1.2.3+dfsg.1-4+deb9u9_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGuQypfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkaZsP/RGYbvgXY3hblh5BgspmRnhqbX1GfRbIvUCp
7OjEgOnaRxk7WwnFqoBTl91v2nrkvXZ+SfIuQRrF3+WXaUM8BQBn4eo33Z2Ovx+m
V7mAxvFapkQIaxHAu8zKS6zHFA+syFXAWiW+ZdtFQa2hJU23XBgQB/Cpr4pEfjcc
rB+Vg+KwNWoaiMMG9uIc8KlYka6SWFZ/GVXXgjltUGZh5OtqUvAVPnVe+KaqxYby
yXVTny+4BE6xSYkuSxYjJYaUY5q0npGQ3qOa+9Os6SGK0/vrigMz2QHHdCVpuPT6
faDnivxBTDwCLnn2KnDW7gYEpe8Dzo0mD+EzIXFc+6LPUFKg4DOC0goF7AQncVX2
oJ5m0cXu+fIzlhwUY4DKBZOs1+/rktFZQ5j9PjPUje2X0WCrcrPFchBksIfTg9vW
rpCXFmB7aftuiJdkxl7c3jjYo11sUiC10BwF3BlenGgKoddBsBFRf2cRDvqjnOaf
BKGwoFk+3vzbmSA9rw8JRIc3ki/ASxVucwwL5oC8lEWyWBKpiPnkCOkSY+uN1G9A
MAIjFeQKLsfeMZD3w9LCBno5UV6//Gp/tWS98H0U+SsoCkUu4fjIJscqmg1GDoms
Pleghp8AXH6KZF3k/u+A9hJKsPs2h6PDDffzH5kK714+eiAAqYAT23iHBLnJzKnt
oLxZ8fFU
=FeG8
-----END PGP SIGNATURE-----