Control: notfixed -1 1.5.1+dfsg-1 Control: found -1 1.5.1+dfsg-1 Hi Salvatore!
On Mon, 03 Jan 2022 at 09:47:28 +0100, Salvatore Bonaccorso wrote: > On Sun, Jan 02, 2022 at 10:50:25PM +0100, Guilhem Moulin wrote: >> Package: roundcube >> Severity: important >> Tags: security >> Control: found -1 1.3.17+dfsg.1-1~deb10u1 >> Control: found -1 1.4.12+dfsg.1-1~deb11u1 >> Control: fixed -1 1.5.1+dfsg-1 > > ^^^^^^^^^^^^ > > Is this correct with the 1.5.1+dfsg-1 version? The release notes say > that it is fixed in 1.5.2 upstream. Asking for clarifying the > tracking. Oops sorry wrong copy-paste, well spotted! I'll propose uploads for buster- and bullseye-security later today; meanwhile perhaps you or another Security Team member would like to assign a CVE number for this? Then I'll have the proper d/changelog right away :-) I'm planning to upload 1.5.2+dfsg-1 to sid later today too, but note that it won't enter testing because 1.5 is not fully compatible with PHP 8.1. Cheers -- Guilhem.
signature.asc
Description: PGP signature
