[Pkg-roundcube-maintainers] Security issues in roundcube 1.2.3+dfsg.1-4+deb9u3 and 1.3.10+dfsg.1-1~deb10u1
Sébastien Delafond
seb at debian.org
Fri May 1 09:25:07 BST 2020
On 30/04 00:36, Guilhem Moulin wrote:
> For stretch-security I prepared 1.2.3+dfsg.1-4+deb9u4 with the
> attached debdiff.
>
> The package in buster is currently following the 1.3 branch so I guess
> it'd make sense to upload 1.3.11+dfsg.1-1~deb10u1 to the upcoming
> Debian 10.4 and skip buster-security. I suppose the second debdiff is
> beyond the scope of buster-security, but if you disagree I'd be happy
> to change the target and upload there instead of buster-pu.
>
> Both version have been tested.
Hi Guilhem,
sorry for the lag, and thanks for the debdiffs: they look OK once you
target buster-security in 1.3.11+dfsg.1-1~deb10u1.
Before you upload, do you care for CVE assignments on those issues? I
can ask MITRE for a couple of them.
Cheers,
--
Seb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20200501/312237f8/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list