Bug#964456: stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u6

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + confirmed

On Tue, 2020-07-07 at 16:00 +0200, Guilhem Moulin wrote:
> In a recent post roundcube webmail upstream has announced the
> following security fix:
> 
>     CVE-2020-15562: Prevent cross-site scripting (XSS) via HTML
> messages     with malicious svg/namespace.
> 
> This is tracker as #964355.  The security team gave the green light
> for an upload of 1.3.14+dfsg.1-1~deb10u1 to buster-security, but
> suggested to target old-p-u for stretch.   stretch currently has
> 1.2.3+dfsg.1-4+deb9u3
> wwhile stretch-security and stretch-pu have 1.2.3+dfsg.1-
> 4+deb9u5.  Both debdiffs attached.

It looks like you actually attached the latter debdiff twice. But
that's the one we want, so that's fine. :-)

Please go ahead.

> unblock roundcube/1.2.3+dfsg.1-4+deb9u6

Did reportbug add that for a p-u request?

Regards,

Adam