Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
112864c6 by Moritz Muehlenhoff at 2026-07-06T12:49:45+02:00
roundcube fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -158,23 +158,23 @@ CVE-2026-12386 (Improper null termination vulnerability 
in TUBITAK BILGEM Softwa
 CVE-2026-12250 (Invocation of process using visible sensitive information 
vulnerabilit ...)
        NOT-FOR-US: TUBITAK BILGEM
 CVE-2026-XXXX [DoS via crafted compressed-RTF size in the TNEF (winmail.dat) 
file]
-       - roundcube <unfixed> (bug #1141495)
+       - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/bf253c72d4293c93fda511b8464fe9cb34b522c1
 (1.6.17)
 CVE-2026-54433
-       - roundcube <unfixed> (bug #1141495)
+       - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/63e42e233c6e8b5100e2e61a4d13addcd1a45bd5
 (1.6.17)
 CVE-2026-XXXX [SSRF bypass via specific local address URLs]
-       - roundcube <unfixed> (bug #1141495)
+       - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/294c7da6e7284166f040cef8607b677d459e0786
 (1.6.17)
 CVE-2026-54432
-       - roundcube <unfixed> (bug #1141495)
+       - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a3a4482cc9bd5569107e4393d32abb157cb2a568
 (1.6.17)
 CVE-2026-XXXX [Various vulnerabilities in the password plugin using 
session-injected username]
-       - roundcube <unfixed> (bug #1141495)
+       - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/83150ce04d689a70f92d511bcae40adba8d55476
 (1.6.17)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/5cdc6a48b40beabff7f0bf5d9035f4491e877e4c
 (1.6.17)
 CVE-2026-XXXX [Infinite loop in TNEF (winmail.dat) decoder]
-       - roundcube <unfixed> (bug #1141495)
+       - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38
 (1.6.17)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89
 (1.6.17)
 CVE-2026-14781 (A flaw exists in the org.keycloak.broker.oidc package where 
the OIDC b ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112864c6aeeba3be1411138773cb3aa881f95fea

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112864c6aeeba3be1411138773cb3aa881f95fea
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to