roundcube (1.6.13+dfsg-1) [PTS] [DDPO]

COMMITS: VCS has seen 1 commit since the debian/1.6.13+dfsg-1 tag

Git: https://salsa.debian.org/roundcube-team/roundcube.git -b debian/latest
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/latest
Path: debian/changelog
Repo size: 20746240
Browser: https://salsa.debian.org/roundcube-team/roundcube
Last scan: 2026-02-11 12:16:15+00
Next scan: 2026-02-19 17:27:00+00
CI pipeline status: success

Debian changelog in Git:

roundcube (1.6.13+dfsg-1) unstable; urgency=high

  * New upstream security and bugfix release (closes: #1127447).
    + Fix CVE-2026-26079: CSS injection vulnerability.
    + Fix CVE-2026-25916: Remote image blocking bypass via SVG content.
  * Remove an obsolete maintscript entry.
  * Refresh d/patches.
  * d/control: Remove `Rules-Requires-Root: no`.
  * Update Standards-Version to 4.7.3.
    + Remove "Priority: optional" which is the current default and spelling it
      out is no longer recommended per Policy.

 -- Guilhem Moulin <guilhem@debian.org>  Sun, 08 Feb 2026 23:50:17 +0100

This branch is 1 commit ahead of tag debian/1.6.13+dfsg-1

Git log:

commit 61f58127c857d573ca12fbe9327ada257187ec14
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Wed Feb 11 09:59:29 2026 +0100

    d/changelog: Retroactively mention CVE-2026-26079 and -25916 for 1.6.13+dfsg-1.
    
    Gbp-Dch: Ignore