-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Aug 2024 23:48:56 +0200
Source: roundcube
Architecture: source
Version: 1.4.15+dfsg.1-1+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1077969
Changes:
 roundcube (1.4.15+dfsg.1-1+deb11u4) bullseye-security; urgency=high
 .
   * Fix CVE-2024-42008: Cross-site scripting (XSS) vulnerability in serving of
     attachments other than HTML or SVG.
   * Fix CVE-2024-42009: Cross-site scripting (XSS) vulnerability in
     post-processing of sanitized HTML content. (Closes: #1077969)
   * Fix CVE-2024-42010: Information leak (access to remote content) via
     insufficient CSS filtering.
   * Backport upstream fix for infinite loop when parsing malformed Sieve
     script.
Checksums-Sha1:
 b1c02113680293fd3574e9271687a8aa5e881e13 3276 roundcube_1.4.15+dfsg.1-1+deb11u4.dsc
 85e881df2b3d93da3081c588eeeb752880ce8da4 109876 roundcube_1.4.15+dfsg.1-1+deb11u4.debian.tar.xz
 d37902dc53bd9b9c0dc1c335e5a29c7d68818b54 10857 roundcube_1.4.15+dfsg.1-1+deb11u4_amd64.buildinfo
Checksums-Sha256:
 9ad8f09e42c6cbfa0cc8dc3b4338c4a70b85fa7a35a19801c12e490ff0c8f6a8 3276 roundcube_1.4.15+dfsg.1-1+deb11u4.dsc
 eeca2d679fe36aa08ff9099dcc33cb2ccf1ce2f2880f8f351ed5697a71fabeb6 109876 roundcube_1.4.15+dfsg.1-1+deb11u4.debian.tar.xz
 d57903b078e666179fc5452f23f1b117ae9ad0d14456a43beec462455165eb49 10857 roundcube_1.4.15+dfsg.1-1+deb11u4_amd64.buildinfo
Files:
 c679031b681d45f6439cc8f054f07127 3276 web optional roundcube_1.4.15+dfsg.1-1+deb11u4.dsc
 68c1d74d0406df79b80c4207f961bd98 109876 web optional roundcube_1.4.15+dfsg.1-1+deb11u4.debian.tar.xz
 cfa7811aca3fef6d28589048ff7369c6 10857 web optional roundcube_1.4.15+dfsg.1-1+deb11u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAma33QsACgkQ05pJnDwh
pVJGYQ/8CmLFYito5UrsYR/E0oAxfIfvr/zFD/HWaWa5DpYOGwmUfEr42bXQJ9aB
QOPZhJIpyvESU2tbec0dlUdxB6MlVXge1Oe/JWAD/nMCwarVzWvwAyuRimoV8BLX
sBgK0LT8ETxZKywTEgDIf/GLRM1O/yD85p8CLypHzhq26lgMI96tw5QJP1MGNeEq
KTAMI+WqKlbKkdXKq6n/QRVK2jkzhmIUr4fVkgTUz4vXltdjbl2heh4kyyFZFtZv
Bs7VaHMVnFBH4abjPphiNkqPIwvITvvedyEWGIIkM+jIh166NDz8aYc2doNERNbO
2mR/E+P1e0D+vF134zc/XCnLVZhhQqopTpjCCPNvCHLaEVl2WGUYvaoLNDGqXZUd
5UcsIZHmq945EFsKx9CFP/0iN2utDw6QDK+GG0XeVptxDByfJr6WNAca9e9p92am
b6vcFTR5OgxU0BmDGYwy0ZWfpFzGkjIvOP25gUEZ83ltauT3PvEUNxAE4NPP+YO9
fmFbc66wxhESiPpz6JzjXl8jcfhA8Wu+D3cotX5FZujER4QkNZ4FAgR2Xw3fCDET
yyQoJtSQJA1sl7DFS3PATlgF3HSsosbZ+BLVlgzDC0fa/z3E3+uhey2Ky3+ZsbYq
+WmhbJjoOOuMBQS1w6b7lXAHE8YIQolT6tARfZvF945xN4yv7Lo=
=0fNh
-----END PGP SIGNATURE-----