Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e3915572 by Salvatore Bonaccorso at 2026-07-05T17:21:22+02:00 Add new roundcube issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,23 @@ +CVE-2026-XXXX [DoS via crafted compressed-RTF size in the TNEF (winmail.dat) file] + - roundcube <unfixed> (bug #1141495) + NOTE: https://github.com/roundcube/roundcubemail/commit/bf253c72d4293c93fda511b8464fe9cb34b522c1 (1.6.17) +CVE-2026-54433 + - roundcube <unfixed> (bug #1141495) + NOTE: https://github.com/roundcube/roundcubemail/commit/63e42e233c6e8b5100e2e61a4d13addcd1a45bd5 (1.6.17) +CVE-2026-XXXX [SSRF bypass via specific local address URLs] + - roundcube <unfixed> (bug #1141495) + NOTE: https://github.com/roundcube/roundcubemail/commit/294c7da6e7284166f040cef8607b677d459e0786 (1.6.17) +CVE-2026-54432 + - roundcube <unfixed> (bug #1141495) + NOTE: https://github.com/roundcube/roundcubemail/commit/a3a4482cc9bd5569107e4393d32abb157cb2a568 (1.6.17) +CVE-2026-XXXX [Various vulnerabilities in the password plugin using session-injected username] + - roundcube <unfixed> (bug #1141495) + NOTE: https://github.com/roundcube/roundcubemail/commit/83150ce04d689a70f92d511bcae40adba8d55476 (1.6.17) + NOTE: https://github.com/roundcube/roundcubemail/commit/5cdc6a48b40beabff7f0bf5d9035f4491e877e4c (1.6.17) +CVE-2026-XXXX [Infinite loop in TNEF (winmail.dat) decoder] + - roundcube <unfixed> (bug #1141495) + NOTE: https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38 (1.6.17) + NOTE: https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89 (1.6.17) CVE-2026-14781 (A flaw exists in the org.keycloak.broker.oidc package where the OIDC b ...) - keycloak <itp> (bug #1088287) CVE-2026-14717 (A vulnerability was detected in itsourcecode Hospital Management Syste ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3915572e760f700df1afd29516cb0e47a74077a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3915572e760f700df1afd29516cb0e47a74077a You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
