Package: roundcube Version: 0.2.2-1 Severity: grave Tags: security Justification: user security hole
Hi, I have roundcube 0.1.1.10 installed from backports, and I see people exploiting roundcube CVE-2008-5619 (http://trac.roundcube.net/ticket/1485618). Any chances the fix mentioned there could be backported to etch? For now I pulled the version from unstable on my system. Best, Benjamin -- System Information: Debian Release: 4.0 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-6-amd64 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages roundcube depends on: ii roundcube-core 0.2.2-1 skinnable AJAX based webmail solut roundcube recommends no packages. Versions of packages roundcube-core depends on: ii apache2 2.2.3-4+etch8 Next generation, scalable, extenda ii apache2-mpm-prefork 2.2.3-4+etch8 Traditional model for Apache HTTPD ii dbconfig-common 1.8.29+etch1 common framework for packaging dat ii debconf [debconf-2.0 1.5.11etch2 Debian configuration management sy ii libmagic1 4.17-5etch3 File type determination library us ii php-auth 1.2.4-0.1 PHP PEAR modules for creating an a ii php-mail-mime 1.5.2-0.1 PHP PEAR module for creating MIME ii php-mdb2 2.5.0b2-1 PHP PEAR module to provide a commo ii php-net-smtp 1.2.6-2 PHP PEAR module implementing SMTP ii php-net-socket 1.0.6-2 PHP PEAR Network Socket Interface ii php5 5.2.0+dfsg-8+etch15 server-side, HTML-embedded scripti ii php5-gd 5.2.0+dfsg-8+etch15 GD module for php5 ii php5-mcrypt 5.2.0+dfsg-8+etch15 MCrypt module for php5 ii php5-pspell 5.2.0+dfsg-8+etch15 pspell module for php5 ii roundcube-sqlite 0.2.2-1 metapackage providing sqlite depen ii tinymce 3.2.1.1-0.1 platform independent web based Jav ii ucf 2.0020 Update Configuration File: preserv -- debconf information: * roundcube/dbconfig-install: true * roundcube/db/dbname: roundcube roundcube/pgsql/authmethod-admin: ident roundcube/pgsql/admin-user: postgres roundcube/internal/skip-preseed: false roundcube/db/app-user: roundcube/dbconfig-reinstall: false * roundcube/restart-webserver: false roundcube/dbconfig-upgrade: true roundcube/remote/port: roundcube/pgsql/no-empty-passwords: roundcube/passwords-do-not-match: roundcube/internal/reconfiguring: false roundcube/upgrade-error: abort roundcube/pgsql/authmethod-user: password roundcube/purge: false * roundcube/language: de_DE roundcube/remote/newhost: roundcube/pgsql/changeconf: false roundcube/upgrade-backup: true roundcube/install-error: abort roundcube/mysql/admin-user: root * roundcube/hosts: netronaut.de:6666 roundcube/dbconfig-remove: roundcube/mysql/method: unix socket roundcube/remove-error: abort roundcube/pgsql/method: unix socket roundcube/pgsql/manualconf: * roundcube/db/basepath: /var/lib/dbconfig-common/sqlite/roundcube * roundcube/reconfigure-webserver: apache2 * roundcube/database-type: sqlite roundcube/remote/host: -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
