[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of sogo?



Am 18.05.2016 um 21:01 schrieb Jeroen Dekkers:
> Hi Markus,
> 
> Sorry for the late reply. This bug also isn't fixed in jessie, the
> reason for this is that upstream isn't going to fix this for SOGo 2
> and earlier. The security bug is about the complete lack of CSRF
> protection and implementing that is going to be a lot of work. SOGo 3
> has a complete new frontend and that has CSRF protection now, so I
> think it is best to just mark SOGo as unsupported in wheezy-lts. I
> haven't had the time yet to finish packaging SOGo 3, but I'll be at
> debcamp next month and should have enough time then to do that and
> create a backport for jessie.
> 

Hi Jeroen,

thank you for your reply. I see. We only ship the 1.x series in Wheezy,
so this would require even more backporting work and I don't think this
is justified in sogo's case. I believe we should mark sogo as
unsupported in Wheezy but I will wait for further feedback from the team
until I am going to do that.

Cheers,

Markus


Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: