[Pkg-roundcube-maintainers] Bug#927713: CVE-2019-10740

Guilhem Moulin guilhem at debian.org
Tue May 14 01:05:31 BST 2019


Hi,

On Mon, 13 May 2019 at 21:43:23 +0200, Salvatore Bonaccorso wrote:
> On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote:
>> Source: roundcube
>> Severity: important
>> Tags: security
>> 
>> This was assigned CVE-2019-10740:
>> https://github.com/roundcube/roundcubemail/issues/6638
> 
> The issue seems to have been adressed upstream now.

Thanks for the follow-up!  AFAICT this issue is mostly irrelevant for
Stretch/Buster as it's about the Enigma plugin, which depends on a PHP
PEAR module (php-crypt-gpg) that's in neither release.

While it might be worth fixing in a later point release, or in an upload
to security-master along with the next security fix, this probably
doesn't warrant a DSA does it?

-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20190514/dd1b615a/attachment.sig>


More information about the Pkg-roundcube-maintainers mailing list