
Re: Bug#514179: CVE-2009-0413: possible XSS issue



OoO In this radiant late morning of Tuesday, February 10, 2009, around
11:30, Holger Levsen <holger@layer-acht.org> said:

>> > After some investigations, we discovered that roundcube 0.1.1 is
>> > vulnerable to this XSS attack but is also vulnerable to many others,
>> > even trivial ones.
>> >
>> > We believe that we cannot fix those security issues with simple
>> > patches. The best way to handle them would be to upgrade to 0.2 which is
>> > not ready for unstable yet (and cannot run in Lenny because of missing
>> > dependencies).
>> >
>> > Therefore, it seems to be safer to just remove roundcube from Lenny.
>> removal hint added

> And what about the version in etch-backports now?

It should be vulnerable too. Would it be possible to upgrade to 0.2-alpha?
-- 
printk("Illegal format on cdrom.  Pester manufacturer.\n"); 
	2.2.16 /usr/src/linux/fs/isofs/inode.c
