Format: 1.8
Date: Thu, 09 Nov 2017 05:32:13 +0100
Source: roundcube
Binary: roundcube-core roundcube roundcube-mysql roundcube-pgsql roundcube-sqlite3 roundcube-plugins
Architecture: source all
Version: 1.3.3+dfsg.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintain...@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guil...@debian.org>
Description:
 roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack
 roundcube-core - skinnable AJAX based webmail solution for IMAP servers
 roundcube-mysql - metapackage providing MySQL dependencies for RoundCube
 roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube
 roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins
 roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube
Closes: 876722 877275 880194 880827
Changes:
 roundcube (1.3.3+dfsg.1-1) unstable; urgency=high
 .
   * New upstream release. It primarily fixes a recently discovered file
     disclosure vulnerability caused by insufficient input validation in
     conjunction with file-based attachment plugins, which are used by
     default. More details will be published under CVE-2017-16651.
   * debian/rules:
     + Make the build reproducible. Thanks to Chris Lamb for the report and
       patch. (Closes: #880827.)
     + Run `chmod 0755 plugins/password/helpers/*.p[ly]`
     + Fix precedence in find(1) call in override_dh_install. Thanks to Chris
       Lamb for the report and patch. (Closes: #876722.)
   * debian/control:
     + Replace "Priority: extra" (deprecated since Debian Policy 4.0.1) with
       "Priority: optional".
     + Bump Standards-Version to 4.1.0 (no changes needed).
     + Promote php-mysql to first alternative in roundcube-mysql's
       dependencies: it currently depends on php7.0-mysql, which in turn
       provides virtual package php-mysqlnd.
   * Patch /etc/roundcube/htaccess to use mod_php7.c in the <IfModule>
     directive. Thanks to Peter Nowee for the report and patch.
     (Closes: #880194.)
   * debian/roundcube-core.preinst: Add "#DEBHELPER#" placeholder.
   * debian/roundcube-core.links: Remove robots.txt, which is no longer
     shipped by the package since 1.3.0+dfsg.1-1. (Closes: #877275.)