[Pkg-roundcube-maintainers] Bug#514179: CVE-2009-0413: possible XSS issue

Vincent Bernat bernat at debian.org
Wed Feb 11 18:58:48 UTC 2009

OoO Pendant  le repas  du mercredi 11  février 2009, vers  19:52, Holger
Levsen <holger at layer-acht.org> disait :

> On Mittwoch, 11. Februar 2009, Vincent Bernat wrote:
>> It should be vulnerable too. Would it be possible to upgrade to 0.2-alpha?

> Besides that it's in experimental atm, do you have a way to reduce it's 
> depends to something which is in etch/bpo or at least lenny?

0.2alpha should run fine in Etch if you reenable the following patch:

The future 0.2stable will need more  work (even for lenny) since it uses
printk("??? No FDIV bug? Lucky you...\n");
	2.2.16 /usr/src/linux/include/asm-i386/bugs.h
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20090211/49d671ff/attachment-0001.pgp 

More information about the Pkg-roundcube-maintainers mailing list