Re: Wheezy update of roundcube?
Markus Koschany <email@example.com> writes:
> I just had a closer look at the vulnerabilities. I have marked
> CVE-2016-5103, CVE-2015-2181 and CVE-2015-2180 as not-affected because
> the vulnerable code is not present in this version. There is no upstream
> fix available for CVE-2016-4086.
> That leaves us with CVE-2015-8864 and CVE-2016-4096 whereby the latter
> needs more investigation. Some affected plugins don't exist in Wheezy,
> the rest of the code is quite different.
> If you agree I intend to fix the two CVEs shortly. At the moment I think
> a backport is not necessary.
Not sure if you were asking me or the mailing list; however, no
objections from me. I say go ahead and do it.
Brian May <firstname.lastname@example.org>