[Pkg-giraffe-discuss] koapno-webap and php-gettext: CVE-2016-6175
Carsten Schoenert
c.schoenert at t-online.de
Tue Jul 16 15:27:15 BST 2019
Hello Jelle,
I'm not sure if Kopano is aware of an problematic CVE for php-gettext.
This package has a bug [1] within the Debian tracker with severity grave
because of CVE-2016-6175.
As visible this CVE is from 2016!! and got no attraction until now
upstream in the php-gettext source. So php-gettext will get removed from
testing on 06 August.
kopano-webapp will get removed also from testing then as it depends on
php-gettext and I don't believe this CVE will get fixed in the sooner
future or even ever.
What is the position of Kopano on this? The problem is of course not
only existing in Debian but also in all downstream distributions and
also in other Linux distribution I guess. phpmyadmin has moved over to
motranslator, this isn't packaged for Debian yet. If suitable we would
live for sure with en embedded source for now.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851771
--
Regards
Carsten Schoenert
More information about the Pkg-giraffe-discuss
mailing list