Dear Guilhem,

thank you very much for taking care of this. :)

Best regards,
Martin

On 27.09.2023 18:33, Debian Bug Tracking System wrote:
This is an automatic notification regarding your Bug report
which was filed against the roundcube package:

#1052059: roundcube: CVE-2023-43770: XSS vulnerability in handling of linkrefs in plain text messages

It has been closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org>
(reply to Guilhem Moulin <guil...@debian.org>).

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Debian FTP Masters
<ftpmas...@ftp-master.debian.org> (reply to Guilhem Moulin <guil...@debian.org>)
by replying to this email.


--
1052059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Date: Wed, 27 Sep 2023 18:32:31 +0000
From: Debian FTP Masters <ftpmas...@ftp-master.debian.org>
To: 1052059-cl...@bugs.debian.org
Subject: Bug#1052059: fixed in roundcube 1.4.14+dfsg.1-1~deb11u1

Source: roundcube
Source-Version: 1.4.14+dfsg.1-1~deb11u1
Done: Guilhem Moulin <guil...@debian.org>

We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guil...@debian.org> (supplier of updated roundcube package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Sep 2023 11:32:59 +0200
Source: roundcube
Architecture: source
Version: 1.4.14+dfsg.1-1~deb11u1
Distribution: bullseye
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintain...@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guil...@debian.org>
Closes: 1052059
Changes:
roundcube (1.4.14+dfsg.1-1~deb11u1) bullseye; urgency=high
.
  * New security/bugfix upstream release:
    + Fix CVE-2023-43770: cross-site scripting (XSS) vulnerability in handling
      of linkrefs in plain text messages. (Closes: #1052059)
    + Enigma: Fix initial synchronization of private keys.
  * d/u/signing-key.asc: Add Alec's key BEE674A019359DC1.
  * Refresh d/patches.


Date: Sat, 16 Sep 2023 20:44:16 +0200
From: Martin Dosch <mar...@mdosch.de>
To: Debian Bug Tracking System <sub...@bugs.debian.org>
Subject: roundcube: Please apply security fix from 1.6.3
Jabber-ID: mar...@mdosch.de

Package: roundcube
Severity: normal
Tags: upstream

Dear Maintainer,

upstream released version 1.6.3 which fixes a security issue with the
1.6.x and I kindly ask you to apply the fix for the version in Debian
stable.

https://roundcube.net/news/2023/09/15/security-update-1.6.3-released

Best regards,
Martin

-- System Information:
Debian Release: 12.1
 APT prefers stable-updates
 APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages roundcube depends on:
ii  dpkg            1.21.22
pn  roundcube-core  <none>

roundcube recommends no packages.

roundcube suggests no packages.


