Thank you for reporting this. These CVEs are patched for 22.04 in ESM.
Instead of using patches from the `release-1.6` branch, we backported patches from the `master` branch, e.g.,
https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
instead of:
https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/2085666
Title: Roundcube CVE-2024-37383 and CVE-2024-37384
