-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Apr 2018 20:52:38 +0200
Source: roundcube
Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins
Architecture: source all
Version: 1.3.6+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintain...@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guil...@debian.org>
Description:
 roundcube  - skinnable AJAX based webmail solution for IMAP servers - metapack
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - metapackage providing MySQL dependencies for RoundCube
 roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube
 roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins
 roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube
Closes: 883620 895100 895184
Changes:
 roundcube (1.3.6+dfsg.1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #883620).
     + Includes fix for CVE-2018-9846: When the archive plugin is enabled and
       configured, it's possible to exploit the unsanitized, user-controlled
       "_uid" parameter to perform an MX (IMAP) injection attack.
       (Closes: #895184).
     + Upgrade OpenPGP.js from 1.6.2 to 2.6.2.
   * debian/control:
     + Bump Standards-Version to 4.1.4 (no changes needed).
     + Remove dependency on 'php-mcrypt' package, which is no longer needed
       since Roundcube 1.2. (Closes: #895100).
   * debian/patches/*.patch: Remove files not mentioned in series:
     + correct-magic-path.patch
     + disable-dns-prefetch.patch
     + dont-limit-email-local-part.patch
     + fix-599586.patch
     + install-jsdeps.sh
     + received-headers-sa.patch
     + too-old-mdb2.patch
     + use-debian-jquery-ui.patch
     + uuencoded-attachments.patch
   * debian/roundcube-core.postinst: Use non-recursive calls to chown(1) and
     chmod(1).