Re: Bug#514179: CVE-2009-0413: possible XSS issue

To: Vincent Bernat <bernat@debian.org>
Cc: 514179@bugs.debian.org, pkg-roundcube-maintainers@lists.alioth.debian.org, backports-users@lists.backports.org
Subject: Re: Bug#514179: CVE-2009-0413: possible XSS issue
From: Holger Levsen <holger@layer-acht.org>
Date: Wed, 11 Feb 2009 19:52:11 +0100
Message-id: <[🔎] 200902111952.11816.holger@layer-acht.org>
In-reply-to: <[🔎] m3skmk3k65.fsf@neo.luffy.cx>
References: <20090204231305.12169.10056.reportbug@hannah> <[🔎] 200902101130.06903.holger@layer-acht.org> <[🔎] m3skmk3k65.fsf@neo.luffy.cx>

Hi,

On Mittwoch, 11. Februar 2009, Vincent Bernat wrote:
> It should be vulnerable too. Would it be possible to upgrade to 0.2-alpha?

Besides that it's in experimental atm, do you have a way to reduce it's 
depends to something which is in etch/bpo or at least lenny?

(And I'm not sure Alexander will like it. But then the question how to proceed 
is still open. Remove it and send a mail to bpo-announce and inform people?)

Do you have 0.2 running on etch somewhere?


regards,
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Bug#514179: CVE-2009-0413: possible XSS issue
  - From: Vincent Bernat <bernat@debian.org>

References:
- Re: Bug#514179: CVE-2009-0413: possible XSS issue
  - From: Holger Levsen <holger@layer-acht.org>
- Re: Bug#514179: CVE-2009-0413: possible XSS issue
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: Bug#514179: CVE-2009-0413: possible XSS issue
Next by Date: Re: Bug#514179: CVE-2009-0413: possible XSS issue
Previous by thread: Re: Bug#514179: CVE-2009-0413: possible XSS issue
Next by thread: Re: Bug#514179: CVE-2009-0413: possible XSS issue
Index(es):
- Date
- Thread