-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5934-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 02, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : roundcube
CVE ID         : CVE-2025-49113

It was discovered that missing input validation in RoundCube Webmail
could result in code execution.

For the stable distribution (bookworm), these problems have been fixed in
version 1.6.5+dfsg-1+deb12u5.

We recommend that you upgrade your roundcube packages.

For the detailed security status of roundcube please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/roundcube

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmg+DBIACgkQEMKTtsN8
TjaDwQ//XbjP2KsdmzYKieznuZbyAo2GyBIIm0H1WKN9bQBQ3AKDy3xeIeDLIcyp
HecNR9j6Ys1wXMi3t7E+rUYaPCChjC0zg4xbLfp4dANnaoQ6eTtlcSC6jAvx8fQc
+14qCJtQY+7eMNEUv+YSXrBeacuKOjZzxCJkBPNjpwLpAgvkhsL9SDJMFhmigmzD
JM4NNjHNgy+lV8uUjWfwFA3agOUIcPoaIZR5VROX9DVO8fTBNJnwQv9EmhqF7MOq
Fw7dSUy94oC1sf2RPUgR606HDMNGcXtsHLRCRqkhHcVns6VLjTzAvjS9i1AEAQp8
/UvFQKC4pdxhlb3xJZuIWx8L3Rd2P4aNh4TtsBDfG7+N0y6fkn0hgjnVxQR65XR/
VOkQWQNDlwgz+Vmv+mwyNue5oZpHbTCLWzU5XU+8u1msp5iRb5yNMORMw9w6z1wu
5SvI6cQk8wPzcgeLe4YMIpAYeh/ADJqRqfwY0b4k+98ILOkH6tyn0wobfQzWkKJc
3cKa5kGAwNjP7oCRsNJLvhCY0QTDihs1vhLSDFlmRlE/7r3K1r1ye7sKHFDZKWc4
2vEA/x33ovH0jf91/x4opNvPGf944s0EEwurWZx6wDUtRdJgrXtOXbrFark3PF09
Xd5pmW8MuZtUpx5pRJ1VpcaAU87wVBA/XxJ2ttI+FE71eYTqqj8=
=Jiqa
-----END PGP SIGNATURE-----