[Pkg-roundcube-maintainers] Bug#1138086: DSA 6301-1 breaks roundcube on PHP 7.4
Vladislav Kurz
vladislav.kurz at mzk.cz
Thu May 28 13:10:49 BST 2026
On 28. 05. 26 at 13:19, Guilhem Moulin wrote:
>> So this is probably an upstream bug introduced in 1.6.16 and backported to
>> debian 12 in DSA 6301-1
>
> No, that's an issue I introduced in the custom (Debian-specific) fix for
> CVE-2026-48843. (The upstream fix introduces a new dependency which is
> not in Debian, so we need a custom native solution for older suites.)
>
> Noticed the issue as I was working on backport for Bullseye LTS, but
> unfortunately not in time for DSA 6301-1. It's already fixed in the repository at
Thanks for the info, I see updated packages for bullseye, but no
advisory yet. Is it safe to install them?
Best regards
Vladislav Kurz