[SECURITY] [DSA 5934-1] roundcube security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5934-1] roundcube security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 2 Jun 2025 20:40:46 +0000
Message-id: <aD4MTnqBfGSVMm/V@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5934-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 02, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : roundcube
CVE ID         : CVE-2025-49113

It was discovered that missing input validation in RoundCube Webmail
could result in code execution.

For the stable distribution (bookworm), these problems have been fixed in
version 1.6.5+dfsg-1+deb12u5.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmg+DBIACgkQEMKTtsN8
TjaDwQ//XbjP2KsdmzYKieznuZbyAo2GyBIIm0H1WKN9bQBQ3AKDy3xeIeDLIcyp
HecNR9j6Ys1wXMi3t7E+rUYaPCChjC0zg4xbLfp4dANnaoQ6eTtlcSC6jAvx8fQc
+14qCJtQY+7eMNEUv+YSXrBeacuKOjZzxCJkBPNjpwLpAgvkhsL9SDJMFhmigmzD
JM4NNjHNgy+lV8uUjWfwFA3agOUIcPoaIZR5VROX9DVO8fTBNJnwQv9EmhqF7MOq
Fw7dSUy94oC1sf2RPUgR606HDMNGcXtsHLRCRqkhHcVns6VLjTzAvjS9i1AEAQp8
/UvFQKC4pdxhlb3xJZuIWx8L3Rd2P4aNh4TtsBDfG7+N0y6fkn0hgjnVxQR65XR/
VOkQWQNDlwgz+Vmv+mwyNue5oZpHbTCLWzU5XU+8u1msp5iRb5yNMORMw9w6z1wu
5SvI6cQk8wPzcgeLe4YMIpAYeh/ADJqRqfwY0b4k+98ILOkH6tyn0wobfQzWkKJc
3cKa5kGAwNjP7oCRsNJLvhCY0QTDihs1vhLSDFlmRlE/7r3K1r1ye7sKHFDZKWc4
2vEA/x33ovH0jf91/x4opNvPGf944s0EEwurWZx6wDUtRdJgrXtOXbrFark3PF09
Xd5pmW8MuZtUpx5pRJ1VpcaAU87wVBA/XxJ2ttI+FE71eYTqqj8=
=Jiqa
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5933-1] tcpdf security update
Next by Date: [SECURITY] [DSA 5935-1] chromium security update
Previous by thread: [SECURITY] [DSA 5933-1] tcpdf security update
Next by thread: [SECURITY] [DSA 5935-1] chromium security update
Index(es):
- Date
- Thread