On Mon, 13 Jul 2009 14:28:30 +0200
Nico Golde wrote:
> * Gerfried Fuchs [2009-07-13 14:17]:
> > * Benjamin Bannier [2009-07-10
> > 17:14:45 CEST]:
> > > thanks for your quick response.
> > >
> > > I see roundcube-0.1.1-10~bpo40+2 still in backports
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 13 Jul 2009 14:27:31 +0200
Gerfried Fuchs wrote:
> ... which, in the case of this bugreport, is done. 0.1.1-9 did fix
> CVE-2008-5619 for etch-backports, so it rather seems to me that
> Benjamin got some things mixed up, unless the claimed p
On Fri, 10 Jul 2009 19:45:41 +0200
Nico Golde wrote:
> > I see roundcube-0.1.1-10~bpo40+2 still in backports. [..]
>
> That's why I marked this bug as done with the unstable version.
Sorry, maybe I got confused. I reported this bug here because the
backports version was listed in the list of De
Hi,
thanks for your quick response.
I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume this
doesn't include the patch to fix this specific issue.
I urge you to please make a version bump to backports since this is a
security issue.
Thanks,
Benjamin
--
To UNSUBSCRIBE, email to
Package: roundcube
Version: 0.2.2-1
Severity: grave
Tags: security
Justification: user security hole
Hi,
I have roundcube 0.1.1.10 installed from backports, and I see people
exploiting roundcube CVE-2008-5619
(http://trac.roundcube.net/ticket/1485618).
Any chances the fix mentioned there could b
5 matches
Mail list logo
