Bug#964456: stretch-pu: package roundcube/1.2.3+dfsg.1-4+deb9u6
Control: tags -1 + confirmed
On Tue, 2020-07-07 at 16:00 +0200, Guilhem Moulin wrote:
> In a recent post roundcube webmail upstream has announced the
> following security fix:
>
> CVE-2020-15562: Prevent cross-site scripting (XSS) via HTML
> messages with malicious svg/namespace.
>
> This is tracker as #964355. The security team gave the green light
> for an upload of 1.3.14+dfsg.1-1~deb10u1 to buster-security, but
> suggested to target old-p-u for stretch. stretch currently has
> 1.2.3+dfsg.1-4+deb9u3
> wwhile stretch-security and stretch-pu have 1.2.3+dfsg.1-
> 4+deb9u5. Both debdiffs attached.
It looks like you actually attached the latter debdiff twice. But
that's the one we want, so that's fine. :-)
Please go ahead.
> unblock roundcube/1.2.3+dfsg.1-4+deb9u6
Did reportbug add that for a p-u request?
Regards,
Adam
Reply to: