roundcube (1.6.7+dfsg-1)
[PTS] [DDPO]
COMMITS: VCS has seen 1 commit since the debian/1.6.7+dfsg-1 tag
- Git: https://salsa.debian.org/roundcube-team/roundcube.git -b debian/latest
-
- Branch: debian/latest
- Path: debian/changelog
- Repo size: 43020288
- Browser: https://salsa.debian.org/roundcube-team/roundcube
- Last scan: 2024-07-21 18:45:07+00
- Next scan: 2024-07-28 17:21:00+00
- CI pipeline status: success
- Debian changelog in Git:
roundcube (1.6.7+dfsg-1) unstable; urgency=high
* New upstream bugfix and security release (closes: #1071474):
+ Fix CVE-2024-37385: Command injection via crafted im_convert_path/
im_identify_path on Windows.
+ Fix CVE-2024-37384: Cross-site scripting (XSS) vulnerability in handling
list columns from user preferences.
+ Fix CVE-2024-37383: Cross-site scripting (XSS) vulnerability in handling
SVG animate attributes.
+ Fix PHP8 warnings.
* Update Standards-Version to 4.7.0 (no changes necessary).
* Refresh d/patches.
-- Guilhem Moulin <guilhem@debian.org> Sun, 19 May 2024 23:20:59 +0200
- This branch is 1 commit ahead of tag debian/1.6.7+dfsg-1
- Git log:
commit 5570652a59d296fbdcd9a0b30cf913fda5c8c082
Author: Guilhem Moulin <guilhem@debian.org>
Date: Mon Jun 17 03:24:47 2024 +0200
d/changelog: Retroactively mention CVE-2024-3738[3-5] for 1.6.7+dfsg-1.