[Pkg-roundcube-maintainers] Bug#514179: CVE-2009-0413: possible XSS issue

Holger Levsen holger at layer-acht.org
Tue Feb 10 10:30:00 UTC 2009


On Montag, 9. Februar 2009, Luk Claes wrote:
> > After  some  investigations,  we  discovered  that  roundcube  0.1.1  is
> > vulnerable to  this XSS  attack but is  also vulnerable to  many others,
> > even trivial ones.
> >
> > We  believe  that  we  cannot  fix those  security  issues  with  simple
> > patches. The best way to handle them would be to upgrade to 0.2 which is
> > not ready for  unstable yet (and cannot run in  Lenny because of missing
> > dependencies).
> >
> > Therefore, it seems to be safer to just remove roundcube from Lenny.
> removal hint added

And what about the version in etch-backports now?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20090210/9665401f/attachment.pgp 

More information about the Pkg-roundcube-maintainers mailing list