From c0b40c713d007428660d8151dbb5bab4bb8067be0b5536d63de5b412cc8837f7 Mon Sep 17 00:00:00 2001 From: Alexander Bergmann Date: Wed, 4 Mar 2026 12:55:12 +0000 Subject: [PATCH] Add CVE ids to the factory changes file --- roundcubemail.changes | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roundcubemail.changes b/roundcubemail.changes index 21d09bf..85673bc 100644 --- a/roundcubemail.changes +++ b/roundcubemail.changes @@ -4,8 +4,10 @@ Sun Feb 8 12:51:32 UTC 2026 - Lars Vogdt - update to 1.6.13 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: - + Fix CSS injection vulnerability reported by CERT Polska. - + Fix remote image blocking bypass via SVG content reported by nullcathedral. + + Fix CSS injection vulnerability reported by CERT Polska (boo#1258052, + CVE-2026-26079). + + Fix remote image blocking bypass via SVG content reported by nullcathedral + (boo#1257909, CVE-2026-25916). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data @@ -25,9 +27,9 @@ Mon Dec 15 13:38:36 UTC 2025 - Lars Vogdt It provides fixes to recently reported security vulnerabilities: + Fix Cross-Site-Scripting vulnerability via SVG's animate tag - reported by Valentin T., CrowdStrike. + reported by Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461). + Fix Information Disclosure vulnerability in the HTML style - sanitizer reported by somerandomdev. + sanitizer reported by somerandomdev (boo#1255306, CVE-2025-68460). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. -- 2.51.1
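Review bot: In the hunk at @@ -4,8 +4,10 @@, the first added item splits its reference across the line break: the line ends with "(boo#1258052," and "CVE-2026-26079)." sits alone on the continuation line. The second item keeps "(boo#1257909, CVE-2026-25916)." whole on one line. Wrap the first item the same way, so each bug/CVE pair stays on a single line and a grep for either id returns its counterpart. The subject also says only "Add CVE ids", while both items gain boo# references as well; mention the bug references in the subject so the log matches the change.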
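Review bot: In the hunk at @@ -25,9 +27,9 @@, the pairing of CVE-2025-68461 with the SVG animate XSS item and CVE-2025-68460 with the HTML style sanitizer item cannot be checked from the patch itself, and the commit has a subject line but no body. Add a short body naming where the mapping comes from (the four boo# entries, or the upstream advisory), so that a swapped id in this already published Dec 15 2025 entry can be caught in review rather than by a tracker that matches fixes by CVE id in the changes file.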