Hi Guilhem, On Wed, Feb 11, 2026 at 12:43:35PM +0100, Guilhem Moulin wrote: > Control: retitle -1 roundcube: [CVE-2026-26079] CSS injection vulnerability > and [CVE-2026-25916] remote image blocking bypass > > Hi, > > Thanks for the update! Here are tested debdiffs for trixie-security and > bookworm-security. As for the previous upload, I suggest to follow > 1.6.x for trixie-security (the upstream diff [0] is pretty targeted already) > and backport targeted fixes for bookworm-security.
We will have a look at your proposed update and come back to you. Thank you for having done the work! Regards, Salvatore
