[Pkg-roundcube-maintainers] Bug#847287: roundcube: Roundcube 1.2.2: Remote command execution via malicious email composing
Darshaka Pathirana
dpat at syn-net.org
Thu Dec 8 18:25:24 UTC 2016
On Wed, 07 Dec 2016 12:16:14 +0100 Vincent Bernat
<bernat at debian.org> wrote:
> ⦠7 décembre 2016 12:08 +0100, Guilhem Moulin <guilhem at guilhem.org> :
>
> >> Is the tag for debian/1.1.5+dfsg.1-1_bpo8+1? The diff for it is pretty
> >> big.
> >
> > 1.1.5+dfsg.1-1_bpo8+1 is the current version from jessie-backports (since
> > April 29). The diff between 1.1.5+dfsg.1-1_bpo8+1 and 1.1.5+dfsg.1-1_bpo8+2
> > is merely the upstream fix
> >
> > https://anonscm.debian.org/cgit/pkg-roundcube/roundcube.git/diff/?id=debian/1.1.5%2bdfsg.1-1_bpo8%2b2&id2=debian/1.1.5%2bdfsg.1-1_bpo8%2b1
>
> I deleted the tag on my side, fetched it again and the diff is now
> OK. I'll upload in the next hour.
Wow. That was quick! Thanks to you all.
What about wheezy / wheezy-backports? Are these packages affected too?
Regards,
- Darsha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20161208/e465f342/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list