[Pkg-roundcube-maintainers] Bug#847287: Bug#847287: roundcube: Roundcube 1.2.2: Remote command execution via malicious email composing
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 7 05:35:52 UTC 2016
Hi,
On Wed, Dec 07, 2016 at 12:30:42AM +0100, Guilhem Moulin wrote:
> Hi,
>
> On Tue, 06 Dec 2016 at 23:05:59 +0000, Juan Rossi wrote:
> > Version: 1.1.4+dfsg.1-1~bpo8+1
> > […]
> > So probably it is important to update to upstream version 1.2.3
>
> Unfortunately 1.2.x has many dependencies that aren't in
> jessie-backports yet. I personally don't have the time nor energy to
> maintain said dependencies, so we asked backports folks for an exception
> to stick to 1.1.x for the bpo version, exception which was rejected.
> I'm afraid the remaining alternative is to take remove the package from
> jessie-backports :-(
Upstream fix:
https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list