-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6087-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : roundcube CVE ID : CVE-2025-68460 CVE-2025-68461 Debian Bug : 1122899 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability via the animate tag in an SVG document and a information disclosure vulnerability in the HTML style sanitizer. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.5+dfsg-1+deb12u6. For the stable distribution (trixie), these problems have been fixed in version 1.6.12+dfsg-0+deb13u1. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/roundcube Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmlFxC1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TpeA//Q4Xo/D6IVCo90Q6JZA80lRNvVIFej3CjmtxQloD0P1e82hikhLd4Fbwl NcTaShp7AcPfTxi0MyXeQFB29h8dQwXPOk0WYCHJdKNvHj0nC6lNVG90xVtrFdSp ArClETg37xg7smwW7321kjc7FnBKV7+La7uaxOBxoY4pwaOdYwMUU2YQuWWVY4Cb HSfQFznabKI3W994E2S3Uyh8S22ORPq45InSbgzeUdzbFZe9/55+wci19N/lIwd4 V2SUrPBGpJKIEOo6AkD8YHOnSOopQG66/vLBNa2rMdcrEc39Dc4yCgNWZjxmGWu7 NjDRagIVC4MnUErHSYWv2BumVNXwe+Kx1eccM+sM52fscJlVvHE32+E12yel1O/m 4HK1RTuRCSQeZul0+Bwoumq0BHuZCvjyPW2ziUzz4k9d6hEWvoOv0loEASK/PdsW CecWSpOGIHO4D2lPifNKxeJij7ew0Xn4CoCFUZrmi5++zuN9K0lNklOS8xtwsIKJ kxZJ8LNCkoyNnRXf+1aNu3Zn503+2To51jCdooanPZqFhPyHSuLs++yWbPxPVW6i akK5AIMlM4pAM7dwoIWVBsm1czPN0XZLzaPpf9ndFumDeTgT6mvKqFsY5c9endql Z2I72BMzsHM7NYdO0bv0+OWj2LAcJtJnQQwUr/d+ggxAQFc/6ZQ= =3uaL -----END PGP SIGNATURE-----
