During the month of February 2026 and on behalf of Freexian, I worked on the following:

roundcube
---------

Uploaded 1.4.15+dfsg.1-1+deb11u7 and issued DLA-4480-1.
https://lists.debian.org/msgid-search/[email protected]

  * CVE-2026-25916: Remote image blocking bypass via SVG content.
  * CVE-2026-26079: Insufficient CSS sanitation in text/html emails.

gnutls28
--------

Uploaded 3.7.1-5+deb11u9 and issued DLA-4492-1.
https://lists.debian.org/msgid-search/[email protected]

  * CVE-2025-9820: Stack overflow during PKCS#11 token initialization.
  * CVE-2025-14831: Denial of Service during verification of specially
    crafted certificates.

Also, uploaded 3.6.7-4+deb10u15 (buster) and 3.5.8-5+deb9u10 (stretch),
and issued ELA-1653-1 for the above vulnerabilities.
https://www.freexian.com/lts/extended/updates/ela-1653-1-gnutls28/

Thanks to the sponsors for financing the above, and to Freexian for
coordinating!

-- 
Guilhem.
