[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6301-1] roundcube security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6301-1] roundcube security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 27 May 2026 21:01:07 +0000 Message-id: <[🔎] ahdbk_z4d6nQz-Yp@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : roundcube CVE ID : CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846 CVE-2026-48847 CVE-2026-48848 CVE-2026-48849 Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.5+dfsg-1+deb12u9. For the stable distribution (trixie), these problems have been fixed in version 1.6.16+dfsg-0+deb13u1. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/roundcube Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoXWz8ACgkQEMKTtsN8 TjbJhg/8D6sI+vQfFO9z3NgS64mKhkRNXRBoN3YxEfNGFOJcji4WGutf8mnojHAg nBRHs+IuSaiLEOwWvYsGnYzMFlqXqd2IVxgfyPEGQCLGtTo059XOrQCwnq0+Jxuz QhKMtsuKM13y3EvP4KGUr91SovR5CPuE25aDdXQliP7qeps3vfyekrhf7XHgaImz lxrm21ItPdGKmY3AcNq6OXXOx+CW4Z3WBN6eVbQpW4FdhAEWO11IqRaTbWlIjRqc Vzk3Qrj+Mp/OyTUmd5EuN4rynrLGAnFFfm3TN/8J72uxYjn3M/WRgsvDM0LOrY/p g6WS8Fd/XfDS3iRHRVbPaXM6Fy4wdBKhtoZzhRAZIw/upt8V8orTd4rGC8+JWTm+ UWdswO9+IoorsnbaNJEpshUkyArf6FtzbsufuNl9CFy+dMFJex1rkX0HYJkXClew V9KHDYuRxybZitplBd3IbrU2sON2t3ycxXkZtV34J53odZWC8AQsYKTGM7MxfdN4 LErr4l+hhO+wOaG1ek9RL/1P4D7S46RET4xG0QcmEA2qYW3YmtCHsP+/ePIRuC8Z sVQAQu52TXSglGMm3uw0kgE1ebdLyiFe0T3whZTeBWFBxQ38TFnx3OrlfcPINyPc OkAN1QDchpd05YO5mAlQUh32hWBodV6Z8OYukE/KZgZtVBaQqBY= =fxAg -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6300-1] node-shell-quote security update Next by Date: [SECURITY] [DSA 6302-1] starlette security update Previous by thread: [SECURITY] [DSA 6300-1] node-shell-quote security update Next by thread: [SECURITY] [DSA 6302-1] starlette security update Index(es): Date Thread