Your message dated Wed, 27 Sep 2023 18:32:31 +0000
with message-id <e1qlzkp-00ecrs...@fasolo.debian.org>
and subject line Bug#1052059: fixed in roundcube 1.4.14+dfsg.1-1~deb11u1
has caused the Debian Bug report #1052059,
regarding roundcube: CVE-2023-43770: XSS vulnerability in handling of linkrefs in plain text messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1052059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: roundcube
Severity: normal
Tags: upstream

Dear Maintainer,

upstream released version 1.6.3 which fixes a security issue with the 1.6.x and I kindly ask you to apply the fix for the version in debian stable.

https://roundcube.net/news/2023/09/15/security-update-1.6.3-released

Best regards,
Martin

-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages roundcube depends on:
ii  dpkg            1.21.22
pn  roundcube-core  <none>

roundcube recommends no packages.

roundcube suggests no packages.
--- End Message ---
--- Begin Message ---
Source: roundcube
Source-Version: 1.4.14+dfsg.1-1~deb11u1
Done: Guilhem Moulin <guil...@debian.org>

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guil...@debian.org> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Sep 2023 11:32:59 +0200
Source: roundcube
Architecture: source
Version: 1.4.14+dfsg.1-1~deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintain...@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guil...@debian.org>
Closes: 1052059
Changes:
 roundcube (1.4.14+dfsg.1-1~deb11u1) bullseye; urgency=high
 .
   * New security/bugfix upstream release:
     + Fix CVE-2023-43770: cross-site scripting (XSS) vulnerability in
       handling of linkrefs in plain text messages. (Closes: #1052059)
     + Enigma: Fix initial synchronization of private keys.
   * d/u/signing-key.asc: Add Alec's key BEE674A019359DC1.
   * Refresh d/patches.
--- End Message ---