Bug#775576: CVE-2014-9587
Control: fixed -1 1.1.1+dfsg.1-1 Hi This should be fixed in the recent uploaded roundcube version. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775576: CVE-2014-9587
❦ 20 janvier 2015 19:07 +0100, Salvatore Bonaccorso car...@debian.org : I have asked for removal of roundcube from testing to avoid shipping it in Jessie. None of the maintainers can commit to have enough time for security support and the current version is already a bit outdated. I'll try to backport the fix to stable. Should btw due to this a RC bug be opened in roundcube so that it will prevent migration to testing also after the release until more maintenance manpower can be found? Yes, I am upgrading the bug about the new upstream version to important. -- Don't diddle code to make it faster - find a better algorithm. - The Elements of Programming Style (Kernighan Plauger) signature.asc Description: PGP signature
Bug#775576: CVE-2014-9587
Hi Vincent, On Sun, Jan 18, 2015 at 12:03:51PM +0100, Vincent Bernat wrote: I have asked for removal of roundcube from testing to avoid shipping it in Jessie. None of the maintainers can commit to have enough time for security support and the current version is already a bit outdated. I'll try to backport the fix to stable. Should btw due to this a RC bug be opened in roundcube so that it will prevent migration to testing also after the release until more maintenance manpower can be found? Just wondering to avoid similar situation later on. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#775576: CVE-2014-9587
❦ 17 janvier 2015 17:13 +0100, Moritz Muehlenhoff j...@debian.org : please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9587 for more information. Hi Moritz! Backporting the fix don't seem quite complex for the current version in jessie/unstable. However, this seems quite more complex for the version in stable. Moreover, the fix is unlikely to be complete since vulnerable code may have been removed/fixed silently. I have asked for removal of roundcube from testing to avoid shipping it in Jessie. None of the maintainers can commit to have enough time for security support and the current version is already a bit outdated. I'll try to backport the fix to stable. -- Elves and Dragons! I says to him. Cabbages and potatoes are better for you and me. -- J. R. R. Tolkien signature.asc Description: PGP signature
Bug#775576: CVE-2014-9587
Package: roundcube Severity: important Tags: security Hi, please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9587 for more information. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org