-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Dec 2025 11:51:43 +0100
Source: roundcube
Architecture: source
Version: 1.6.12+dfsg-0+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1122899
Changes:
 roundcube (1.6.12+dfsg-0+deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1122899).
     + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate
       tag.
     + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML
       style sanitizer.
   * Refresh d/patches.
   * d/gbp.conf: Set debian-branch=debian/trixie.
   * Salsa CI: Set RELEASE=trixie, disable reprotest and lintian jobs.
Checksums-Sha1:
 962d6cb43f1c85fbeec88b303ac8cf35eee7209a 3860 roundcube_1.6.12+dfsg-0+deb13u1.dsc
 b6102dd4c719acb400298aa6e1d8627ff194597f 126900 roundcube_1.6.12+dfsg.orig-tinymce-langs.tar.xz
 70ab9651d5bf0cc002731e762ed811b1c9b96211 1928404 roundcube_1.6.12+dfsg.orig-tinymce.tar.xz
 003ff398e115137a54217df58bde53f42ef4479b 2791204 roundcube_1.6.12+dfsg.orig.tar.xz
 671611d82b09f579d5d44c550707135901a75e7d 153696 roundcube_1.6.12+dfsg-0+deb13u1.debian.tar.xz
 30e59687139d87ffca0fde0c1c388b3561200223 6280 roundcube_1.6.12+dfsg-0+deb13u1_source.buildinfo
Checksums-Sha256:
 02670576c9a9e0603e399da567efb7530855d11fbc899b23c2f08bcf9b8099fb 3860 roundcube_1.6.12+dfsg-0+deb13u1.dsc
 488276066b6044d9aa7fed66559bed399cbcb9fac6a4d2ea63e0a7858ca9c46e 126900 roundcube_1.6.12+dfsg.orig-tinymce-langs.tar.xz
 9c9a759800812e9e658760c382707f04dab5f9d047bd77e693693e8a840eab7d 1928404 roundcube_1.6.12+dfsg.orig-tinymce.tar.xz
 6ca741ee8b98f643b2038ac5415daa5836013d92c874b0bfcf81efa2f3229ca4 2791204 roundcube_1.6.12+dfsg.orig.tar.xz
 8b80553ca84af38a40f79ed7bab52d94ded9ac4fc81414e8e871c06cd7f53a24 153696 roundcube_1.6.12+dfsg-0+deb13u1.debian.tar.xz
 3ae02f6170728232661aef4c9b90ab7b63c2860190e688b63926265e2c90ed56 6280 roundcube_1.6.12+dfsg-0+deb13u1_source.buildinfo
Files:
 24cac6cc1a548fc087fb7a5459ec20f5 3860 web optional roundcube_1.6.12+dfsg-0+deb13u1.dsc
 66af8f1d0cbfa3b7e16e7d9350a964c5 126900 web optional roundcube_1.6.12+dfsg.orig-tinymce-langs.tar.xz
 50a2e20e6d8ec1abda11aa7d575e1f95 1928404 web optional roundcube_1.6.12+dfsg.orig-tinymce.tar.xz
 8b305f7c4db83506df9deec4705866dd 2791204 web optional roundcube_1.6.12+dfsg.orig.tar.xz
 92383ae09b109d8e88c33e701319747d 153696 web optional roundcube_1.6.12+dfsg-0+deb13u1.debian.tar.xz
 0767ff9744bb094738d10b37c43fc624 6280 web optional roundcube_1.6.12+dfsg-0+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmlD6WYACgkQ05pJnDwh
pVJ/zhAAq/JIXvvUIA5LAeyrvep/KNdJO//6rA0pQCCdcyHAmeqNxQVD+ALbzVyT
bqZUv4XcdGhyZ190dg26bwCTGnZ8GQ9rYVWgBpy13PbZK8PEFIyt4LyzUH9/tDgC
3eiDwZ0e0IJV42ImhMkKmTMo+VZKJXf485K61/ekEyYCARAyjvQ4Ql8jXvjfa6tg
bC06HcZgV8jcWiRqFsdubktiHBwJfaVu0SP770O0T46pBvJcHbpaniEad3uyTUQr
pgpU8d489gnXP8rC5lZ5y8WonjW2hV7Ai1rIkHyg/KShXEv7mO++vaKx7ASwzJbQ
zU2XLXqe7Vb3l6On06MkD70ARl17mzfXFcsg08+tG37POPot5F1zFnc3RaOBrmlu
dCX7uBCf6ePxF2hOvFaUx+UJFRR0VNsIrhbxmQEjbmyde0g7RRB0Op2VBcP1CCIg
dLRXgjnbP6pcpx3qgR1dNCVEVnGZzLJ65tcbROUg6P5/4+0ANy+ymY3b7ERZ9pQA
a8Wbhug/q1SvrfHOWP6qMYwG0yVMfL0i2ajIzJx5ObuhIZJICsoP2f3nbV25uqmV
fKFlSH8slD/fyMN6B09MRNPo+Q0Y5A3H8ZdCm2kAPJghsHuuprBlTDj/+PlKSK8k
xfQ7cnPLvFwZg4FEJ3cuMkJOkVCDT1FeGm6MPPiYe1EEnHRD7wA=
=iOtA
-----END PGP SIGNATURE-----