Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
112864c6 by Moritz Muehlenhoff at 2026-07-06T12:49:45+02:00
roundcube fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -158,23 +158,23 @@ CVE-2026-12386 (Improper null termination vulnerability
in TUBITAK BILGEM Softwa
CVE-2026-12250 (Invocation of process using visible sensitive information
vulnerabilit ...)
NOT-FOR-US: TUBITAK BILGEM
CVE-2026-XXXX [DoS via crafted compressed-RTF size in the TNEF (winmail.dat)
file]
- - roundcube <unfixed> (bug #1141495)
+ - roundcube 1.6.17+dfsg-1 (bug #1141495)
NOTE:
https://github.com/roundcube/roundcubemail/commit/bf253c72d4293c93fda511b8464fe9cb34b522c1
(1.6.17)
CVE-2026-54433
- - roundcube <unfixed> (bug #1141495)
+ - roundcube 1.6.17+dfsg-1 (bug #1141495)
NOTE:
https://github.com/roundcube/roundcubemail/commit/63e42e233c6e8b5100e2e61a4d13addcd1a45bd5
(1.6.17)
CVE-2026-XXXX [SSRF bypass via specific local address URLs]
- - roundcube <unfixed> (bug #1141495)
+ - roundcube 1.6.17+dfsg-1 (bug #1141495)
NOTE:
https://github.com/roundcube/roundcubemail/commit/294c7da6e7284166f040cef8607b677d459e0786
(1.6.17)
CVE-2026-54432
- - roundcube <unfixed> (bug #1141495)
+ - roundcube 1.6.17+dfsg-1 (bug #1141495)
NOTE:
https://github.com/roundcube/roundcubemail/commit/a3a4482cc9bd5569107e4393d32abb157cb2a568
(1.6.17)
CVE-2026-XXXX [Various vulnerabilities in the password plugin using
session-injected username]
- - roundcube <unfixed> (bug #1141495)
+ - roundcube 1.6.17+dfsg-1 (bug #1141495)
NOTE:
https://github.com/roundcube/roundcubemail/commit/83150ce04d689a70f92d511bcae40adba8d55476
(1.6.17)
NOTE:
https://github.com/roundcube/roundcubemail/commit/5cdc6a48b40beabff7f0bf5d9035f4491e877e4c
(1.6.17)
CVE-2026-XXXX [Infinite loop in TNEF (winmail.dat) decoder]
- - roundcube <unfixed> (bug #1141495)
+ - roundcube 1.6.17+dfsg-1 (bug #1141495)
NOTE:
https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38
(1.6.17)
NOTE:
https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89
(1.6.17)
CVE-2026-14781 (A flaw exists in the org.keycloak.broker.oidc package where
the OIDC b ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112864c6aeeba3be1411138773cb3aa881f95fea
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112864c6aeeba3be1411138773cb3aa881f95fea
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits