Accepting request 1191896 from server:php:applications

Update to 1.6.8
Security Update, [bsc#1228900]  [bsc#1228901]

OBS-URL: https://build.opensuse.org/request/show/1191896
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/roundcubemail?expand=0&rev=85

roundcubemail-1.6.7-complete.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cf52515e65b2818cb02fd7a202c766367b8c54d8b7fea27dda9c81aa7ce1d3a6
-size 5899345

roundcubemail-1.6.7-complete.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmZJ0UIACgkQwpRqlgnN
-VrRndRAAicU/OXjddhgBxfUn2OwfuQCVgC3lj8dvquVkdYfGMUieoxaGiJuzUO+2
-K6Ohm+ztsosGDG5qb8stI1wki00dFZ8vNQ4rmZOXy4fv94zT5Ytm4kUojUVfvERr
-Ksd/LHEnbNxIQNnBcD5aUrkVv9OxD4lnwYkBkt4vA2G7IDNDC9raDWLcJTZSUvQb
-juQ7HIvUp5tzQ0Y9coMhB52jpVJYLZlCdNLvd9zGTebwO/TBBAPLasLusVacQN4W
-Sp33RSS/VMQjx1rnmvnltu+0TKXFUYL620Mn6woEhiF/ahXYgcRqz2im2520YNIK
-mpz6laU6kc4bNTD6ynQtZ+ZWorC+NrENMhh+T8oX7BPqBKK6T/fuLSiGJfNecaUH
-TfH2O9DIiZZ0AP8sAz+Dcjz21sm0Sh2iRSntycbIrhON5nvV/mVDXxOjZ0ZbS3wm
-fs8JRvMOk5tXcH4u8y6Z66z19JGjcXnp6FpTfn0mjfy7HcMGN/6OaykVDDQbng7q
-Z9DLXlXjN1dNiLELPVQAfUZNy/KbUPy4GI7uifcCGIcx4V1kW2XDGe8tzDMwNUhS
-ToS8r0F2VnYcfu+dPXZ2OOWxf+ZT1Mp5shzbCK+ZWWn2/e8t2h2pRFCMgVOmJrWd
-yRpNS/zoDjcGp6eLBWragpA2fhOPNktXMH4r2iYfhQkkk+qIrr4=
-=s8Ri
------END PGP SIGNATURE-----

roundcubemail-1.6.8-complete.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8468be0204a734c574adef4be01578c7dc4fab9c2fe34003bf341a2bd20efd2a
+size 5899212

roundcubemail-1.6.8-complete.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCgAxFiEEiXDjemmK93XYfVkNwpRqlgnNVrQFAmavVQUTHGRldnNAcm91
+bmRjdWJlLm5ldAAKCRDClGqWCc1WtKZ3EADiC6a2RyTGOMcHsS4OgKzpXfPRJ2qw
+6Eh/1/VXX0AqJsTGIFXfVJuljFrTE1YQCiWUusiMrhZDIC4kIcFZGxTJQxDLecWn
+uuW+rnyjjqOvWUCBzGCcwOXQRB1sj4XOGLrduN05U0bkGLs918OmjrISYhpXLZzK
+oxArBXiz74v+BIBd4Ee0JgqQQ3pltC5x547bOOOuLQPb0dCl3fBHzXUYvE7m1U+t
+WRtaB3UUtYRGysbyQbgV0EoyZqHF4VYEV5obGOxm4OMGMeO0Kx9fw/zv2lMvu5gg
+Xm19rub08SUX85HB21sw53tUSiDORn0LvJoOkRHMwGMqwO1u7zh6Jvdl/FR2SXLK
+h52N0lLRY+RyNsXj5asJD7h9E/kNcU9bWV+FtSDeqtH3iSNZ79xKRm+nz5I9To6B
+niaIYWn5PwvE32tJUtAJ93Aq32BGxq10F4aV+6imCUYOLJ2B4LQnk6gXCdB+FbiF
+LVGkU5VEt/a4+nWdfzIYW/uThTNOAQMA/BTWipEGybpuQxxdJeoMGujQRlkTL38J
+CtS2xuXxR9zPRnNTZpFDVQcvuOM3vY4mhWzdDXBrJ+xx4YNbze0UtHUR6c+0LEd+
+4uAIfUDy6dcHOVnm/60ae6eL1TjAyrglPDqQxhLMDmDlS8c5++1zQmcm8Ji9eVMI
+r5mki4B+78fygg==
+=a8Gh
+-----END PGP SIGNATURE-----

roundcubemail.changes

@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Aug  6 15:14:35 UTC 2024 - Aeneas Jaißle <aj@ajaissle.de>
+
+- update to 1.6.8
+  This is a security update to the stable version 1.6 of Roundcube Webmail.
+  It provides fixes to recently reported security vulnerabilities:
+  * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] [bsc#1228900]
+  * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
+  * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] [bsc#1228901]
+
+- For further changes, see https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
+
 -------------------------------------------------------------------
 Sun May 19 17:12:36 UTC 2024 - Lars Vogdt <lars@linux-schulserver.de>
 

roundcubemail.spec

@@ -20,7 +20,7 @@
 %define roundcubeconfigpath %{_sysconfdir}/%{name}
 
 Name:           roundcubemail
-Version:        1.6.7
+Version:        1.6.8
 Release:        0
 Summary:        A browser-based multilingual IMAP client
 License:        BSD-3-Clause AND GPL-2.0-only AND GPL-3.0-or-later