[Pkg-roundcube-maintainers] Bug#775576: CVE-2014-9587

Vincent Bernat bernat at debian.org
Sun Jan 18 11:03:51 UTC 2015


 ❦ 17 January 2015 17:13 +0100, Moritz Muehlenhoff <jmm at debian.org>:

> please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9587
> for more information.

Hi Moritz!

Backporting the fix doesn't seem quite complex for the current version in
jessie/unstable. However, this seems quite more complex for the version
in stable. Moreover, the fix is unlikely to be complete since vulnerable
code may have been removed/fixed silently.

I have asked for removal of roundcube from testing to avoid shipping it
in Jessie. None of the maintainers can commit to having enough time for
security support and the current version is already a bit outdated. I'll
try to backport the fix to stable.
-- 
"Elves and Dragons!" I says to him.  "Cabbages and potatoes are better
for you and me."
		-- J. R. R. Tolkien