Re: Bug#514179: CVE-2009-0413: possible XSS issue

To: backports-users@lists.backports.org, pkg-roundcube-maintainers@lists.alioth.debian.org
Cc: 514179@bugs.debian.org
Subject: Re: Bug#514179: CVE-2009-0413: possible XSS issue
From: Holger Levsen <holger@layer-acht.org>
Date: Tue, 10 Feb 2009 11:30:00 +0100
Message-id: <[🔎] 200902101130.06903.holger@layer-acht.org>
In-reply-to: <4990B121.60706@debian.org>
References: <20090204231305.12169.10056.reportbug@hannah> <m38wof4hip.fsf@neo.luffy.cx> <4990B121.60706@debian.org>

Hi,

On Montag, 9. Februar 2009, Luk Claes wrote:
> > After  some  investigations,  we  discovered  that  roundcube  0.1.1  is
> > vulnerable to  this XSS  attack but is  also vulnerable to  many others,
> > even trivial ones.
> >
> > We  believe  that  we  cannot  fix those  security  issues  with  simple
> > patches. The best way to handle them would be to upgrade to 0.2 which is
> > not ready for  unstable yet (and cannot run in  Lenny because of missing
> > dependencies).
> >
> > Therefore, it seems to be safer to just remove roundcube from Lenny.
> removal hint added

And what about the version in etch-backports now?


regards,	
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Bug#514179: CVE-2009-0413: possible XSS issue
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Please enable lenny-backports
Next by Date: Re: Bug#514179: CVE-2009-0413: possible XSS issue
Previous by thread: Please enable lenny-backports
Next by thread: Re: Bug#514179: CVE-2009-0413: possible XSS issue
Index(es):
- Date
- Thread