Hi, On Montag, 9. Februar 2009, Luk Claes wrote: > > After some investigations, we discovered that roundcube 0.1.1 is > > vulnerable to this XSS attack but is also vulnerable to many others, > > even trivial ones. > > > > We believe that we cannot fix those security issues with simple > > patches. The best way to handle them would be to upgrade to 0.2 which is > > not ready for unstable yet (and cannot run in Lenny because of missing > > dependencies). > > > > Therefore, it seems to be safer to just remove roundcube from Lenny. > removal hint added And what about the version in etch-backports now? regards, Holger
Attachment:
signature.asc
Description: This is a digitally signed message part.