[Pkg-roundcube-maintainers] Bug#536498: closed by Nico Golde <nion at debian.org> (Re: Bug#536498: Please backport roundcube CVE-2008-5619)
Alexander Wirt
formorer at debian.org
Fri Jul 10 18:17:04 UTC 2009
Benjamin Bannier schrieb am Friday, den 10. July 2009:
> On Fri, 10 Jul 2009 19:45:41 +0200
> Nico Golde <nion at debian.org> wrote:
>
> > > I see roundcube-0.1.1-10~bpo40+2 still in backports. [..]
> >
> > That's why I marked this bug as done with the unstable version.
>
> Sorry, maybe I got confused. I reported this bug here because the
> backports version was listed in the list of Debian packages.
>
> If backports doesn't even have bugtracker (couldn't find one on
> their homepage) this is maybe the right time to dump if from my
> sources.list.
>
> > > I urge you to please make a version bump to backports since this is
> > > a security issue.
> >
> > The best would be probably to ping the one who did the initial
> > backport. I CCed Alexander Wirt and Gerfried Fuchs (from
> > backports.org), maybe they can help you.
>
> Thanks. This should really be fixed.
Jupp I'll remove roundcube from bpo. The code quality is awfull and there are
still several code fragments which quality and security is questionable.
Alex
More information about the Pkg-roundcube-maintainers
mailing list