Hey,

we are discussing how we should handle the security issue for roundcube. It 
currently has no CVE; it is tracked as:
TEMP-0847287-64604E on security.debian.org
or #847287 on BTS

Because we should not upload a new 1.1.X version to bpo, we thought to only 
push an update that fixes only this issue and afterwards request a removal from 
backports, because the version in backports is outdated and updates to this 
package are not allowed, as discussed in debian-backpo...@lists.debian.org, and 
splitting the upstream package into sec updates/not sec updates is work we are 
not able to provide.

Is this a way to go?

Best Regards,

sandro

PS: maybe we should move the discussion to debian-backpo...@lists.debian.org. 
This initial mail should go to the team, because the issue is a security issue and 
how to handle this; the other stuff can be handled later...
