[Pkg-roundcube-maintainers] Bug#927713: CVE-2019-10740
Salvatore Bonaccorso
carnil at debian.org
Tue May 14 05:30:23 BST 2019
Hi Guilhem
On Tue, May 14, 2019 at 02:05:31AM +0200, Guilhem Moulin wrote:
> Hi,
>
> On Mon, 13 May 2019 at 21:43:23 +0200, Salvatore Bonaccorso wrote:
> > On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote:
> >> Source: roundcube
> >> Severity: important
> >> Tags: security
> >>
> >> This was assigned CVE-2019-10740:
> >> https://github.com/roundcube/roundcubemail/issues/6638
> >
> > The issue seems to have been adressed upstream now.
>
> Thanks for the follow-up! AFAICT this issue is mostly irrelevant for
> Stretch/Buster as it's about the Enigma plugin, which depends on a PHP
> PEAR module (php-crypt-gpg) that's in neither release.
>
> While it might be worth fixing in a later point release, or in an upload
> to security-master along with the next security fix, this probably
> doesn't warrant a DSA does it?
Ack, right! I have updated the security-tracker accordingly!
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list