Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-14 Thread Benjamin Bannier
On Mon, 13 Jul 2009 14:28:30 +0200 Nico Golde wrote: > * Gerfried Fuchs [2009-07-13 14:17]: > > * Benjamin Bannier [2009-07-10 > > 17:14:45 CEST]: > > > thanks for your quick response. > > > > > > I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume > > > this doesn't include the pat

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-13 Thread Holger Levsen
On Monday, 13 July 2009, Gerfried Fuchs wrote: > > I'd still > > recommend to upgrade to lenny, but that's the beauty of free software: > > there is more than one way to do it and everybody can get involved :-) > Unfortunately, lenny doesn't ship roundcube so that doesn't buy one > anything. I me

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-13 Thread Benjamin Bannier
On Mon, 13 Jul 2009 14:27:31 +0200 Gerfried Fuchs wrote: > ... which, in the case of this bugreport, is done. 0.1.1-9 did fix > CVE-2008-5619 for etch-backports, so it rather seems to me that > Benjamin got some things mixed up, unless the claimed p

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-13 Thread Nico Golde
Hi, * Gerfried Fuchs [2009-07-13 14:17]: > * Benjamin Bannier [2009-07-10 17:14:45 CEST]: > > thanks for your quick response. > > > > I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume this > > doesn't include the patch to fix this specific issue. > > Erm, are you sure? According t

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-13 Thread Gerfried Fuchs
Hi again! * Holger Levsen [2009-07-13 12:10:41 CEST]: > On Monday, 13 July 2009, Gerfried Fuchs wrote: > > - in this case it was Holger Levsen. Though, I just asked him and he > > said that he doesn't care about etch-backports. > > given that it's not possible/desirable to have backports

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-13 Thread Gerfried Fuchs
* Benjamin Bannier [2009-07-10 17:14:45 CEST]: > thanks for your quick response. > > I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume this > doesn't include the patch to fix this specific issue. Erm, are you sure? According to Nico it was fixed in 0.1.1-9 which is older than 0.1.1

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-13 Thread Holger Levsen
Hi, On Monday, 13 July 2009, Gerfried Fuchs wrote: > - in this case it was Holger Levsen. Though, I just asked him and he > said that he doesn't care about etch-backports. given that it's not possible/desirable to have backports from squeeze in etch-bpo (see http://lists.backports.org/lurker-bp

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-13 Thread Holger Levsen
On Monday, 13 July 2009, Gerfried Fuchs wrote: > - in this case it was Holger Levsen. Though, I just asked him and he > said that he doesn't care about etch-backports. > Given that Holger gives a damn thanks for your understanding and your well done summary of my position. love, Holger

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-13 Thread Gerfried Fuchs
* Benjamin Bannier [2009-07-10 20:08:57 CEST]: > On Fri, 10 Jul 2009 19:45:41 +0200 Nico Golde wrote: > > > I see roundcube-0.1.1-10~bpo40+2 still in backports. [..] > > > > That's why I marked this bug as done with the unstable version. > > Sorry, maybe I got confused. I reported this bug here

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-11 Thread Vincent Bernat
OoO Towards the end of the afternoon of Friday 10 July 2009, around 16:21, Benjamin Bannier said: > I have roundcube 0.1.1.10 installed from backports, and I see people > exploiting roundcube CVE-2008-5619 > (http://trac.roundcube.net/ticket/1485618). > Any chances the fix mentioned there could

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-10 Thread Benjamin Bannier
On Fri, 10 Jul 2009 19:45:41 +0200 Nico Golde wrote: > > I see roundcube-0.1.1-10~bpo40+2 still in backports. [..] > > That's why I marked this bug as done with the unstable version. Sorry, maybe I got confused. I reported this bug here because the backports version was listed in the list of De

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-10 Thread Alexander Wirt
Benjamin Bannier wrote on Friday, 10 July 2009: > On Fri, 10 Jul 2009 19:45:41 +0200 > Nico Golde wrote: > > > > I see roundcube-0.1.1-10~bpo40+2 still in backports. [..] > > > > That's why I marked this bug as done with the unstable version. > > Sorry, maybe I got confused. I reported

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-10 Thread Nico Golde
Hi, * Benjamin Bannier [2009-07-10 17:35]: > thanks for your quick response. > > I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume this > doesn't include the patch to fix this specific issue. That's why I marked this bug as done with the unstable version. > I urge you to please ma

Bug#536498: closed by Nico Golde (Re: Bug#536498: Please backport roundcube CVE-2008-5619)

2009-07-10 Thread Benjamin Bannier
Hi, thanks for your quick response. I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume this doesn't include the patch to fix this specific issue. I urge you to please make a version bump to backports since this is a security issue. Thanks, Benjamin

Bug#536498: Please backport roundcube CVE-2008-5619

2009-07-10 Thread Benjamin Bannier
Package: roundcube Version: 0.2.2-1 Severity: grave Tags: security Justification: user security hole Hi, I have roundcube 0.1.1.10 installed from backports, and I see people exploiting roundcube CVE-2008-5619 (http://trac.roundcube.net/ticket/1485618). Any chances the fix mentioned there could b