Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3915572 by Salvatore Bonaccorso at 2026-07-05T17:21:22+02:00
Add new roundcube issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2026-XXXX [DoS via crafted compressed-RTF size in the TNEF (winmail.dat) 
file]
+       - roundcube <unfixed> (bug #1141495)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/bf253c72d4293c93fda511b8464fe9cb34b522c1
 (1.6.17)
+CVE-2026-54433
+       - roundcube <unfixed> (bug #1141495)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/63e42e233c6e8b5100e2e61a4d13addcd1a45bd5
 (1.6.17)
+CVE-2026-XXXX [SSRF bypass via specific local address URLs]
+       - roundcube <unfixed> (bug #1141495)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/294c7da6e7284166f040cef8607b677d459e0786
 (1.6.17)
+CVE-2026-54432
+       - roundcube <unfixed> (bug #1141495)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/a3a4482cc9bd5569107e4393d32abb157cb2a568
 (1.6.17)
+CVE-2026-XXXX [Various vulnerabilities in the password plugin using 
session-injected username]
+       - roundcube <unfixed> (bug #1141495)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/83150ce04d689a70f92d511bcae40adba8d55476
 (1.6.17)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/5cdc6a48b40beabff7f0bf5d9035f4491e877e4c
 (1.6.17)
+CVE-2026-XXXX [Infinite loop in TNEF (winmail.dat) decoder]
+       - roundcube <unfixed> (bug #1141495)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38
 (1.6.17)
+       NOTE: 
https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89
 (1.6.17)
 CVE-2026-14781 (A flaw exists in the org.keycloak.broker.oidc package where 
the OIDC b ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-14717 (A vulnerability was detected in itsourcecode Hospital 
Management Syste ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3915572e760f700df1afd29516cb0e47a74077a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3915572e760f700df1afd29516cb0e47a74077a
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to