Re: [SECURITY] [DLA 737-1] roundcube security update

To: debian-lts@lists.debian.org
Cc: Christoph Martin <martin@uni-mainz.de>
Subject: Re: [SECURITY] [DLA 737-1] roundcube security update
From: Markus Koschany <apo@debian.org>
Date: Fri, 9 Dec 2016 13:17:25 +0100
Message-id: <[🔎] 0b194d94-0ff7-e186-6587-a5d170d05cdd@debian.org>
In-reply-to: <[🔎] 1481279016.3569772.813620393.7922C8AB@webmail.messagingengine.com>
References: <1481223677.555634.812949481.506D76A3@webmail.messagingengine.com> <[🔎] 539a3285-bacc-2480-d2d2-5d72939167bb@uni-mainz.de> <[🔎] 1481279016.3569772.813620393.7922C8AB@webmail.messagingengine.com>

On 09.12.2016 11:23, Chris Lamb wrote:
> Hi Christoph,
> 
>> will there also be a fixed wheezy-backports version? It is at 0.9.5.
> 
> As this CVE/DLA is still fresh in my mind, I've gone ahead and uploaded a
> 0.9.5-1~bpo70+1.1 to wheezy-backports.
> 
> Enjoy :)
> 

Hi,

I cannot really recommend to use the wheezy-backports version of
roundcube. It is still affected by all the other security
vulnerabilities from the past. We had already talked about this to the
maintainers but they didn't take action to request its removal from
Debian. I wonder if we should do it now?

Regards,

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: [SECURITY] [DLA 737-1] roundcube security update
  - From: Alexander Wirt <formorer@formorer.de>

References:
- Re: [SECURITY] [DLA 737-1] roundcube security update
  - From: Christoph Martin <martin@uni-mainz.de>
- Re: [SECURITY] [DLA 737-1] roundcube security update
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Re: Wheezy update of unzip?
Next by Date: Re: [SECURITY] [DLA 737-1] roundcube security update
Previous by thread: Re: [SECURITY] [DLA 737-1] roundcube security update
Next by thread: Re: [SECURITY] [DLA 737-1] roundcube security update
Index(es):
- Date
- Thread