Re: Wheezy update of roundcube?

To: Markus Koschany <apo@debian.org>, debian-lts@lists.debian.org
Subject: Re: Wheezy update of roundcube?
From: Brian May <bam@debian.org>
Date: Mon, 20 Jun 2016 18:56:14 +1000
Message-id: <[🔎] 87oa6wxmq9.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 87r3c32m9y.fsf@prune.linuxpenguins.xyz>
References: <20160503154908.GA9135@localhost.localdomain> <00080b45-b07c-9239-22aa-476ab1b6a166@ente.limmat.ch> <[🔎] 87porq3iw8.fsf@prune.linuxpenguins.xyz> <[🔎] 4f37ea4f-9e71-623e-5410-745bb7365068@debian.org> <[🔎] 87r3c32m9y.fsf@prune.linuxpenguins.xyz>

Brian May <bam@debian.org> writes:

> Markus Koschany <apo@debian.org> writes:
>
>> I just had a closer look at the vulnerabilities. I have marked
>> CVE-2016-5103, CVE-2015-2181 and CVE-2015-2180 as not-affected because
>> the vulnerable code is not present in this version. There is no upstream
>> fix available for CVE-2016-4086.
>>
>> That leaves us with CVE-2015-8864 and CVE-2016-4096 whereby the latter
>> needs more investigation. Some affected plugins don't exist in Wheezy,
>> the rest of the code is quite different.
>>
>> If you agree I intend to fix the two CVEs shortly. At the moment I think
>> a backport is not necessary.
>
> Not sure if you were asking me or the mailing list, however no
> objections from me. I say go ahead and do it.

Did you still want to do this?
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: Wheezy update of roundcube?
  - From: Markus Koschany <apo@debian.org>

References:
- Re: Re: Wheezy update of roundcube?
  - From: Brian May <bam@debian.org>
- Re: Wheezy update of roundcube?
  - From: Markus Koschany <apo@debian.org>
- Re: Wheezy update of roundcube?
  - From: Brian May <bam@debian.org>

Prev by Date: Xen i386 support on Debian wheezy-LTS
Next by Date: Re: Wheezy update of roundcube?
Previous by thread: Re: Wheezy update of roundcube?
Next by thread: Re: Wheezy update of roundcube?
Index(es):
- Date
- Thread