-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5743-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 08, 2024                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : roundcube
CVE ID         : CVE-2024-42008 CVE-2024-42009 CVE-2024-42010

Multiple cross-site scripting vulnerabilities were discovered in
RoundCube webmail.
 
For the stable distribution (bookworm), these problems have been fixed in
version 1.6.5+dfsg-1+deb12u3.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAma0oZkACgkQEMKTtsN8
TjYxhA//UCLgEJvU4lRhVKupyDDsLgIxy4yWCvwDORqLtckWd83mJZXqbnUQYOUU
bvTaAHZ5XEEQ8mNwviDwgQZoSK7hY0ZHPb3NSbuc/2hl6aVUp9BqxzQ0iZ4haxiY
LtbqB29zpelXB0orRgH+rNISBLwAei2C+Vf213TKTmceiUGzhRxvkJKr4H++W2b6
7OkAoYqXIIH8OvKJmMgLirW/+toGR29c9F29d+C3Oyq/Qis0e/6osDIehFAdayro
EGJAvoUm72Vfe+syTF3csItT4vtf73qMb51CP67ATeGZ29j7bllqHgybLfjfZyI7
a4v5/VUGe+tDxvFiSsPCpBDuin843qt3rflrcy/LFaVvrYa7/SIcwV84uxVrjf85
mwwlIIud8n01EY7oPw0LK51a6MIrniFePAC3/KyYgBhya+hKE1T3JLQ/8XDRk/zo
M9Mqu1MbtamhjAeTdzkckRr+9ho+meY5un1MmnPtVIMoAaNhG/AteeqAuwCtucAF
Fg36kslrDwd+ojYUavIaE3AoRoLRzto5aAy46tXCE5JSakw2haKpBHoQfAhFwLZ/
59xds+gu7lRWp71Qhx2xBYclJ9XGNsdyx1g8Dzt0tPTQxwHCShP3fI2Wit8QOsWu
VeqdGxyqGT+cFrTmWRaVCKRQOsUgLjTpY2Nm5aKorBdD1HT8FU0=
=eXCy
-----END PGP SIGNATURE-----