pool/roundcubemail
SHA256
17
0
Fork 2
Code Issues Pull Requests 2 Activity

Add CVE ids to the factory changes file #4

Open
abergmann wants to merge 1 commits from abergmann/roundcubemail:add-CVE-number-to-factory into factory
pull from: abergmann/roundcubemail:add-CVE-number-to-factory
merge into: pool:factory
Conversation 0 Commits 1 Files Changed 1 +6 -4
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roundcubemail.changes
View File

@@ -4,8 +4,10 @@ Sun Feb 8 12:51:32 UTC 2026 - Lars Vogdt <lars@linux-schulserver.de>
- update to 1.6.13
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
+ Fix CSS injection vulnerability reported by CERT Polska.
+ Fix remote image blocking bypass via SVG content reported by nullcathedral.
+ Fix CSS injection vulnerability reported by CERT Polska (boo#1258052,
CVE-2026-26079).
+ Fix remote image blocking bypass via SVG content reported by nullcathedral
(boo#1257909, CVE-2026-25916).
This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it. Please do backup your data
@@ -25,9 +27,9 @@ Mon Dec 15 13:38:36 UTC 2025 - Lars Vogdt <lars@linux-schulserver.de>
It provides fixes to recently reported security vulnerabilities:
+ Fix Cross-Site-Scripting vulnerability via SVG's animate tag
reported by Valentin T., CrowdStrike.
reported by Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461).
+ Fix Information Disclosure vulnerability in the HTML style
sanitizer reported by somerandomdev.
sanitizer reported by somerandomdev (boo#1255306, CVE-2025-68460).
This version is considered stable and we recommend to update all
productive installations of Roundcube 1.6.x with it.