[Pkg-roundcube-maintainers] Security issues in roundcube 1.3.16+dfsg.1-1~deb10u1 and 1.4.11+dfsg.1-4
Guilhem Moulin
guilhem at debian.org
Sat Nov 20 23:14:18 GMT 2021
Hi Salvatore,
On Sat, 20 Nov 2021 at 20:53:44 +0100, Salvatore Bonaccorso wrote:
> Acknowledging we got your update proposal. I think Seb will come back
> to you for the review and ack, as he did review on your earlier
> proposals.
OK!
> Could you in the meanwhile already add the assigned CVEs for it? (They are
> CVE-2021-44025 and CVE-2021-44026).
I did when I saw your reply to #1000156 (thanks again!):
https://salsa.debian.org/roundcube-team/roundcube/-/commit/ffe18da79a950822e6abe8b1e80f910c157bd405
https://salsa.debian.org/roundcube-team/roundcube/-/commit/37ae64cb2a1ecd936d4a9e7072ea28dde01d6521
But haven't submitted new debdiffs to avoid the noise at security at debian.org :-)
> I think it will make sense to follow the 1.4 branch as well for
> bullseye(-security) in case it is like 1.3 a security and bugfix only
> branch.
AFAIK it's now the case (and the reason why 1.4.12 also contains a
handful of other changes is probably because 1.5.0 was released between
1.4.11 and 1.4.12).
Cheers
--
Guilhem.