Accepted roundcube 1.4.7+dfsg.1-1~bpo10+1 (source) into buster-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 Jul 2020 14:28:56 +0200
Source: roundcube
Architecture: source
Version: 1.4.7+dfsg.1-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 964355
Changes:
roundcube (1.4.7+dfsg.1-1~bpo10+1) buster-backports; urgency=medium
.
* Rebuild for buster-backports.
.
roundcube (1.4.7+dfsg.1-1) unstable; urgency=high
.
* New upstream bugfix release, including security fixes for: Cross-Site
Scripting (XSS) vulnerability via HTML messages with malicious
svg/namespace (closes: #964355)
.
roundcube (1.4.6+dfsg.1-3) unstable; urgency=low
.
* d/upstream/metadata: Add upstream's screenshot URL.
* d/po/de.po: Convert from ISO-8859-15 to TDF-8.
* Remove bundled OpenPGP.js as the bundled source is not the preferred form
of modification hence violates DFSG. This breaks key generation in the
enigma plugin (server-side OpenPGP support), but other key operations
(incl. import of private keys) still work. That being said enigma is
already broken in Buster (and Bullseye too right now) due to the missing
dependency 'php-crypt-gpg'. Admins wanting enigma already need to
manually install the dependency; they'll now need to also copy
.
https://raw.githubusercontent.com/openpgpjs/openpgpjs/v4.4.6/dist/openpgp.min.js
.
(or a later version) to /usr/share/roundcube/plugins/enigma/openpgp.min.js
for key generation to keep working.
Checksums-Sha1:
c3531dc9588e39e4d8c949d12813fed1ac34f90d 2511 roundcube_1.4.7+dfsg.1-1~bpo10+1.dsc
f9340220ac93c41765faf976ffadb948aa34288c 856528 roundcube_1.4.7+dfsg.1-1~bpo10+1.debian.tar.xz
06c0d56c9a505652b47288b0ccaea13092969ba7 9822 roundcube_1.4.7+dfsg.1-1~bpo10+1_amd64.buildinfo
Checksums-Sha256:
32ef778a85b221debdfbe6890506f4331d4517e606c33ab94ac6132d18b299f1 2511 roundcube_1.4.7+dfsg.1-1~bpo10+1.dsc
87804bfd9aa9c2a3963939ecc835f297d750ac76323728a5f2f69195e94a507f 856528 roundcube_1.4.7+dfsg.1-1~bpo10+1.debian.tar.xz
3dc9a6c9d59ed4138e447cb3c43b21366e3bb9a7ae00e7a618136ba2fbf257f9 9822 roundcube_1.4.7+dfsg.1-1~bpo10+1_amd64.buildinfo
Files:
1b829caa70d12957444f8be5dbb19fdb 2511 web optional roundcube_1.4.7+dfsg.1-1~bpo10+1.dsc
0e714fe86ebfacd7fc2f91264c01b75d 856528 web optional roundcube_1.4.7+dfsg.1-1~bpo10+1.debian.tar.xz
383d0e299d6a85afdbff99e7a832370d 9822 web optional roundcube_1.4.7+dfsg.1-1~bpo10+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAl8FvPQACgkQ05pJnDwh
pVLMdQ//d1cRbuKPUyT14H/KyY0qSL6NZRXH95DLJqGb1SX7FvQErCxsubmfJ1Eg
PdmuC8EtFFnLxKKZBIaYgUqfC2k1uAG93O6RL6tOhCLfyz8kxCcnEOI1y41+i6fO
ryCW1K2K4NsUOpwt60bSdEu/m1OditeqeWfFcZQ8Etila81/FvsBMxtagW0IcIDj
ntO5Sc6q0kYtON/t9zS0jX0agMpemwcRrQehixDouSf70Fm3ujK6BSJaCwTF5yCv
JApH01iO/P99JoYo/aDC6wAeh7S9q9r/pV3cvigmBQtIO+3tzTqtqiaa9VUOptLn
J4Hv2BQu/QeSUfWVfZUQf7X5ffPqDZzCf+KOiu+FIJC/rdAiyOUERlP0xcV5DcaK
SndaL2pdchvlgeflrV1a/PQIfRzeJxtS0ySq7Hg0r8BzKD6l+wPsalYtafT/v51k
FRDZk/AMDZKkxbTaGggqrE9Oi+mReOeC4PtJXtb2+uTXC5NyiaDq/02xm2xUlq3O
TsvV6jGg3s6EOINKKBvRm4J7V6LRCPpjMSjUntkz2OosmW6xTyV9bcbpSM1hHOrL
cBcGlmJZBKONRjBMGyAVTKtSMrtYMJ/jjO8TRcZUQ3Ee9aKz4lRXG87BujfWWYFK
M8Ya/GE/KL6KoHbJKwuXBY80MD95fJ92AjZSPU8+eAuErOL5mvY=
=nJIj
-----END PGP SIGNATURE-----
Reply to: