[Pkg-roundcube-maintainers] Bug#963010: roundcube-core: roundcube upgrade keeps breaking my instance due to automatic permission changes of config.inc.php
Guilhem Moulin
guilhem at debian.org
Thu Jul 9 16:17:07 BST 2020
Hi,
On Thu, 09 Jul 2020 at 16:53:03 +0200, Mirko Vogt wrote:
> Can I do anything to push this being fixed or workaround this myself
> without weakening my setup security wise? Thanks!
The bug metadata say:
Found in versions roundcube-core/1.2.3+dfsg.1-4+deb9u3, roundcube-core/1.3.13+dfsg.1-1~deb10u1, roundcube-core/1.3.10+dfsg.1-1~deb10u1
Fixed in versions roundcube-core/1.4.3+dfsg.1-1
So right now versions in testing, sid, and buster-backports are
unaffected, while those in buster, buster-security and stretch and
stretch-security (or anything earlier) are affected.
Some work has been done in the postinst script in 1.4 so the fix doesn't
apply to 1.3.14+dfsg.1-1~deb10u1. It might be possible to write a
targeted patch and convince the release team to accept it as a
stable-proposed-updates, but I personally don't plan to work on that.
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20200709/717bf23c/attachment-0001.sig>
More information about the Pkg-roundcube-maintainers
mailing list