On Fri, 09 Dec 2016, Markus Koschany wrote: > On 09.12.2016 11:23, Chris Lamb wrote: > > Hi Christoph, > > > >> will there also be a fixed wheezy-backports version? It is at 0.9.5. > > > > As this CVE/DLA is still fresh in my mind, I've gone ahead and uploaded a > > 0.9.5-1~bpo70+1.1 to wheezy-backports. > > > > Enjoy :) > > > > Hi, > > I cannot really recommend to use the wheezy-backports version of > roundcube. It is still affected by all the other security > vulnerabilities from the past. We had already talked about this to the > maintainers but they didn't take action to request its removal from > Debian. I wonder if we should do it now? I did it now. Alex - Backports ftpmaster
Attachment:
signature.asc
Description: PGP signature