Re: Wheezy update of roundcube?

To: Markus Koschany <apo@debian.org>, debian-lts@lists.debian.org
Subject: Re: Wheezy update of roundcube?
From: Brian May <bam@debian.org>
Date: Sun, 12 Jun 2016 12:06:49 +1000
Message-id: <[🔎] 87r3c32m9y.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 4f37ea4f-9e71-623e-5410-745bb7365068@debian.org>
References: <20160503154908.GA9135@localhost.localdomain> <00080b45-b07c-9239-22aa-476ab1b6a166@ente.limmat.ch> <[🔎] 87porq3iw8.fsf@prune.linuxpenguins.xyz> <[🔎] 4f37ea4f-9e71-623e-5410-745bb7365068@debian.org>

Markus Koschany <apo@debian.org> writes:

> I just had a closer look at the vulnerabilities. I have marked
> CVE-2016-5103, CVE-2015-2181 and CVE-2015-2180 as not-affected because
> the vulnerable code is not present in this version. There is no upstream
> fix available for CVE-2016-4086.
>
> That leaves us with CVE-2015-8864 and CVE-2016-4096 whereby the latter
> needs more investigation. Some affected plugins don't exist in Wheezy,
> the rest of the code is quite different.
>
> If you agree I intend to fix the two CVEs shortly. At the moment I think
> a backport is not necessary.

Not sure if you were asking me or the mailing list, however no
objections from me. I say go ahead and do it.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: Wheezy update of roundcube?
  - From: Brian May <bam@debian.org>

References:
- Re: Re: Wheezy update of roundcube?
  - From: Brian May <bam@debian.org>
- Re: Wheezy update of roundcube?
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Wheezy update of spice?
Next by Date: Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
Previous by thread: Re: Wheezy update of roundcube?
Next by thread: Re: Wheezy update of roundcube?
Index(es):
- Date
- Thread