[Pkg-roundcube-maintainers] Bug#927713: CVE-2019-10740

Salvatore Bonaccorso carnil at debian.org
Tue May 14 05:30:23 BST 2019


Hi Guilhem

On Tue, May 14, 2019 at 02:05:31AM +0200, Guilhem Moulin wrote:
> Hi,
> 
> On Mon, 13 May 2019 at 21:43:23 +0200, Salvatore Bonaccorso wrote:
> > On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote:
> >> Source: roundcube
> >> Severity: important
> >> Tags: security
> >> 
> >> This was assigned CVE-2019-10740:
> >> https://github.com/roundcube/roundcubemail/issues/6638
> > 
> > The issue seems to have been adressed upstream now.
> 
> Thanks for the follow-up!  AFAICT this issue is mostly irrelevant for
> Stretch/Buster as it's about the Enigma plugin, which depends on a PHP
> PEAR module (php-crypt-gpg) that's in neither release.
> 
> While it might be worth fixing in a later point release, or in an upload
> to security-master along with the next security fix, this probably
> doesn't warrant a DSA does it?

Ack, right! I have updated the security-tracker accordingly!

Regards,
Salvatore



More information about the Pkg-roundcube-maintainers mailing list