[Pkg-roundcube-maintainers] Bug#843795: In a multipart/related email with an image, the image is not displayed
Michael Laß
bevan at bi-co.net
Wed May 31 17:46:36 UTC 2017
Dear Sandro:
This is not an upstream issue but was introduced by a Wheezy LTS update (0.7.2-9+deb7u4). The error is introduced in CVE-2016-4069.patch. The solution mentioned by Alberto seems correct to me. We want to set $secure true and not $task.
Overriding $task leads to the erroneous URL when roundcube tries to load attached images like mentioned here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851214
and here:
https://www.linux.org.ru/forum/admin/12989230
The consequence is that attached images are not shown anymore in roundcube and for signed messages there is actually no no way at all to access the images. So, this is a quite severe regression.
Since this is a regression introduced by an LTS update and LTS will stay active for a year from now, I think this should be fixed in an update through LTS as well.
Cheers,
Michael
More information about the Pkg-roundcube-maintainers
mailing list