Package: roundcube
Severity: important

Dear Maintainer,

upstream released version 1.6.5 which fixes a cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download reported by Rene Rehme:

https://github.com/roundcube/roundcubemail/releases/tag/1.6.5

It would be awesome if this could be packaged and added to the upcoming point release.

Best regards,
Martin

-- System Information:
Debian Release: 12.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages roundcube depends on:
ii  dpkg            1.21.22
pn  roundcube-core  <none>

roundcube recommends no packages.

roundcube suggests no packages.