[Pkg-roundcube-maintainers] CVE-2023-47272/roundcube: {bullseye, bookworm}-security uploads
Guilhem Moulin
guilhem at debian.org
Fri Dec 1 10:40:28 GMT 2023
On Fri, 01 Dec 2023 at 07:56:27 +0100, Sébastien Delafond wrote:
> On Thu, Nov 30 2023, Sébastien Delafond wrote:
>> On Tue, Nov 28 2023, Guilhem Moulin wrote:
>>> I'd like to propose the attach debdiffs to fix CVE-2023-47272/roundcube.
>>>
>>> Bullseye and Bookworm have respectively been following upstream's LTS
>>> (1.4) and stable (1.6) branch. Upstream has not released 1.4.16 yet so
>>> I backported the fix from the release-1.4 branch for Bullseye. However
>>> for Bookworm I imported new bugfix/security upstream release 1.6.5 like
>>> for previous security fixes.
>>>
>>> Both 1.4.15+dfsg.1-1~deb11u2 and 1.6.5+dfsg-1~deb12u1 have been tested.
>>> (Also upstream's new unit tests are run at build time.)
>>
>> thanks for the debdiffs, I'll review them shortly.
>
> They both look good, please upload to security-master (the bookworm one
> will need to be built with -sa).
Uploaded, thanks Sebastien!
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20231201/aef700a0/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list