-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 02 Jun 2025 10:01:44 +0200 Source: roundcube Binary: roundcube roundcube-core roundcube-mysql roundcube-pgsql roundcube-plugins roundcube-sqlite3 Architecture: all Version: 1.6.5+dfsg-1+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Guilhem Moulin Description: roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack roundcube-core - skinnable AJAX based webmail solution for IMAP servers roundcube-mysql - metapackage providing MySQL dependencies for RoundCube roundcube-pgsql - metapackage providing PostgreSQL dependencies for RoundCube roundcube-plugins - skinnable AJAX based webmail solution for IMAP servers - plugins roundcube-sqlite3 - metapackage providing SQLite dependencies for RoundCube Closes: 1107073 Changes: roundcube (1.6.5+dfsg-1+deb12u5) bookworm-security; urgency=high . * Fix CVE-2025-49113: Post-Auth RCE via PHP Object Deserialization. (Closes: #1107073) * Regression fix: CVE-2024-42009.patch from 1.6.5+dfsg-1+deb12u3 and 1.6.5+dfsg-1+deb12u4 caused some HTML messages to be displayed unstyled. Checksums-Sha1: 9f4750ebd933616c9bf1b9ff165584738ed0e11d 4697296 roundcube-core_1.6.5+dfsg-1+deb12u5_all.deb a55f8842c0061cab9404bdc95829cacdd031d6d3 95364 roundcube-mysql_1.6.5+dfsg-1+deb12u5_all.deb c753f4413b57ac446e075e71b3df864f0240ed26 95352 roundcube-pgsql_1.6.5+dfsg-1+deb12u5_all.deb 22b9525862191889a17639d756e4fc05c1ffe77d 777076 roundcube-plugins_1.6.5+dfsg-1+deb12u5_all.deb 7291ef1467053a6d1277b6f647f6608a94b6b9fb 95340 roundcube-sqlite3_1.6.5+dfsg-1+deb12u5_all.deb 7f46752da7d19d4f8e7f1492d1884dc544eb66a4 14031 roundcube_1.6.5+dfsg-1+deb12u5_all-buildd.buildinfo cd299bb8e277ae7a73748e4f5614f907591600e5 1296 roundcube_1.6.5+dfsg-1+deb12u5_all.deb Checksums-Sha256: 36f4d053aae464b053df3959a9bea495795dd06ff1d66188533451132952294e 4697296 roundcube-core_1.6.5+dfsg-1+deb12u5_all.deb 60d359e6ae4a66a7c591bbfcb09c4cdadb9a884277bdb4829ea9e2bdcdfd4d48 95364 roundcube-mysql_1.6.5+dfsg-1+deb12u5_all.deb e97fb0dc26611a406c0f668bbd70d685dc91d4f841e72268cd6735e42dad846f 95352 roundcube-pgsql_1.6.5+dfsg-1+deb12u5_all.deb 08c4f6c8fe40b230f5f5b87ca1aced561152d19515f2b5171c6f3cec841e1603 777076 roundcube-plugins_1.6.5+dfsg-1+deb12u5_all.deb d8811fd02599dcf1225d23c1cb3b5cc0469225a5fda3180572bc1c0ff2820858 95340 roundcube-sqlite3_1.6.5+dfsg-1+deb12u5_all.deb eeb41f74aa1c43e0298c3bdaeab30fe686ad7ff44cbc04d64d5ba66f9bbcfb8d 14031 roundcube_1.6.5+dfsg-1+deb12u5_all-buildd.buildinfo 2f4d67e0618998b070ab9354602d2a9756cd0fc82075f6804c7c34b8110328bf 1296 roundcube_1.6.5+dfsg-1+deb12u5_all.deb Files: 6c330ec25837ba58cb53f4a938b60a65 4697296 web optional roundcube-core_1.6.5+dfsg-1+deb12u5_all.deb 03073118100280092c77739ecb282f8d 95364 web optional roundcube-mysql_1.6.5+dfsg-1+deb12u5_all.deb c0cd7dae13fb900afd5368aac53ab5f3 95352 web optional roundcube-pgsql_1.6.5+dfsg-1+deb12u5_all.deb b82b3c74118632630d34971657523204 777076 web optional roundcube-plugins_1.6.5+dfsg-1+deb12u5_all.deb 512d2422fd08b11211c6b0e2ac038bad 95340 web optional roundcube-sqlite3_1.6.5+dfsg-1+deb12u5_all.deb b7de51776d4eacafca1920723fc23d51 14031 web optional roundcube_1.6.5+dfsg-1+deb12u5_all-buildd.buildinfo 13e1de9c617880a6eb925d9963b186b8 1296 web optional roundcube_1.6.5+dfsg-1+deb12u5_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmg9sJsACgkQfUw6/tXb AmM6KRAAmmGLDTDDSGDzZminO7e38bPsNHnqesC9igeR3QG8N1wxbVpqM941HKGa vgsdsitdZuX7sIsMvTAWH0y1suhMXB0bnmaXXcPQkkgqcsAZV6r0JCw87RC1hK08 Qe9bQXetuy7iGTzGhmRmVRCXxlrMTuH7f/uOVRvY9l7ngrwXMtSHBwmq/A76xCoh 7y9TNy8pd3rNFv1amBYldeepvniMSIRCQUGS1RXsCB8xnC9qiXNbmDIe1G+cbf2q i47lDsmmFSzl9ri0kzbwlQSYm6RcLoSbXYO18OcYYJzqRLintGYH89Ax5edpzY2c TcX8vsoA2bjC1MS0HGDlN3C+X2M/7tu0eeI3kyWmzEzx+M8usvFeCyFBRhBmnVpw 6HvMCpoK3vvdIX2UVkDbCGbZODFag0FMfdxrSHZE+LNBvo4pxpjnFbfuqvF2jpo8 RYY2HEqC/eYTvr4VVnrP92Wrso8+bv134JVeULatrhkLGv4VvSUPZ6GHMxmBnHwD 4vgl4XI8V+sgTpU/mqCnahovBFob6dYL5E4kwJnXt76274mbI2rOFCOED3Se2wWq n4mzVJnL0e2y+LDW1uMb/3GbyNEgPQZnIrl+mYCqOSYv12WEUr1nUQ06GAbXCo06 u7tl++2IU+xGy5JKEz/pgJr1s6PWi6LsfnEtAWLaPex/fDUcqiE= =cIFW -----END PGP SIGNATURE-----