[Pkg-roundcube-maintainers] Bug#536498: Please backport roundcube CVE-2008-5619

Nico Golde nion at debian.org
Mon Jul 13 12:28:30 UTC 2009

* Gerfried Fuchs <rhonda at deb.at> [2009-07-13 14:17]:
> * Benjamin Bannier <benjamin.bannier at netronaut.de> [2009-07-10 17:14:45 CEST]:
> > thanks for your quick response.
> > 
> > I see roundcube-0.1.1-10~bpo40+2 still in backports. I presume this
> > doesn't include the patch to fix this specific issue.
>  Erm, are you sure? According to Nico it was fixed in 0.1.1-9 which is
> older than 0.1.1-10. I'm now pretty puzzled about the whole fuzz and the
> issue at hand?

I checked the package of backports and the issue you are 
reporting seems indeed to be fixed. Do you have any evidence 
that this or a similar issue is being exploited on your 

Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20090713/7796fbb1/attachment.pgp>

More information about the Pkg-roundcube-maintainers mailing list