roundcube (1.6.12+dfsg-1) [PTS] [DDPO]

COMMITS: VCS has seen 3 commits since the debian/1.6.12+dfsg-1 tag

Git: https://salsa.debian.org/roundcube-team/roundcube.git -b debian/latest
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/latest
Path: debian/changelog
Repo size: 18423808
Browser: https://salsa.debian.org/roundcube-team/roundcube
Last scan: 2026-01-05 12:04:07+00
Next scan: 2026-01-10 21:40:00+00
CI pipeline status: success

Debian changelog in Git:

roundcube (1.6.12+dfsg-1) unstable; urgency=high

  * New upstream security and bugfix release (closes: #1122899).
    + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate
      tag.
    + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML
      style sanitizer.
  * d/watch:
    + Port to Version 5.
    + Simplify [UD]version-Mangle.
    + Use @STABLE_VERSION@ not @ANY_VERSION@ as tag matching pattern.
  * Refresh d/patches.

 -- Guilhem Moulin <guilhem@debian.org>  Sun, 14 Dec 2025 10:53:54 +0100

This branch is 3 commits ahead of tag debian/1.6.12+dfsg-1

Git log:

commit 380e2cf5abfd92c19189aa0063ba86467378ca23
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Thu Dec 18 12:40:02 2025 +0100

    d/changelog: Retroactively mention CVE-2025-6846[01] for 1.6.12+dfsg-1.
    
    Gbp-Dch: Ignore

commit 60e8b8bde996fb2505bf092301cdf5ad62568efa
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Sun Dec 14 11:55:05 2025 +0100

    Removed Rules-Requires-Root.
    
    Changes-By: lintian-brush

commit 18d5d3993b96ff5e5b5394d79d28e53939ec9aa9
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Sun Dec 14 11:55:01 2025 +0100

    Remove an obsolete maintscript entry.
    
    Changes-By: lintian-brush