[Pkg-roundcube-maintainers] Bug#847287: Security Update for roundcube -- planning

[Sandro Knauß]

Hey,

we are discussing how we should handle the security issue for roundcube. It 
has currently now CVE it is tracked as:
TEMP-0847287-64604E on security.debian.org
or #847287 on BTS

Because we should not upload a new 1.1.X version to bpo, we thought to only 
push an update that fixes only this issue and afterwards request a removal from 
backports. Cause the version in backports is outdated and updates to this 
package are not allowed as discussed in 	debian-backports at lists.debian.org and 
splitting the upstream package to sec updates/not sec updates is work, we are 
not able to provide.

Is this a way to go?

Best Regards,

sandro

PS: maybe we should move the discussion to debian-backports at lists.debian.org. 
This inital mail should go to team, because the issue is a security issue and 
how to handle this, the other stuff can be handled later...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20161207/8f3bd9e9/attachment-0001.sig>