[Pkg-roundcube-maintainers] Bug#514179: CVE-2009-0413: possible XSS issue
Holger Levsen
holger at layer-acht.org
Tue Feb 10 10:30:00 UTC 2009
Hi,
On Montag, 9. Februar 2009, Luk Claes wrote:
> > After some investigations, we discovered that roundcube 0.1.1 is
> > vulnerable to this XSS attack but is also vulnerable to many others,
> > even trivial ones.
> >
> > We believe that we cannot fix those security issues with simple
> > patches. The best way to handle them would be to upgrade to 0.2 which is
> > not ready for unstable yet (and cannot run in Lenny because of missing
> > dependencies).
> >
> > Therefore, it seems to be safer to just remove roundcube from Lenny.
> removal hint added
And what about the version in etch-backports now?
regards,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20090210/9665401f/attachment.pgp
More information about the Pkg-roundcube-maintainers
mailing list