[Pkg-roundcube-maintainers] CVE-2024-42009/roundcube: bullseye-security upload
Moritz Muehlenhoff
jmm at inutil.org
Tue Aug 13 07:49:49 BST 2024
On Mon, Aug 12, 2024 at 03:31:28PM +0200, Guilhem Moulin wrote:
> >> Note that the original patch for CVE-2024-42008 introduces a regression
> >> (#1078456): it sets a too restrictive Content-Security-Policy on the
> >> attachment preview page which breaks printing and other handling of
> >> image attachments. I backported the fix for 1.4.15+dfsg.1-1+deb11u4,
> >> but 1.6.5+dfsg-1+deb12u3 is affected. I assume this doesn't warrant a
> >> follow-up DSA, right? Will go via s-pu in that case.
> >
> > Given that it was introduced in a DSA, let's also address the regression
> > in a DSA. What's in the bookworm branch on salsa looks good, can you
> > please bump the version to 1.6.5+dfsg-1+deb12u4 and also upload to security-master?
>
> OK! Done that as well.
Thanks! Updates have been released.
Cheers,
Moritz