Advisories » MGASA-2025-0332

Updated roundcubemail packages fix security vulnerabilities

Publication date: 22 Dec 2025
Modification date: 22 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-68460 , CVE-2025-68461

Description

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by
Valentin T., CrowdStrike.
Fix Information Disclosure vulnerability in the HTML style sanitizer
reported by somerandomdev.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34863
• https://github.com/roundcube/roundcubemail/releases/tag/1.6.12
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461

SRPMS

9/core

• roundcubemail-1.6.12-1.mga9