Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1052059: roundcube: Please apply security fix from 1.6.3
1 view
Skip to first unread message
Martin Dosch
Sep 16, 2023, 2:50:05 PM9/16/23
to
Package: roundcube
Severity: normal
Tags: upstream
Dear Maintainer,
upstream released version 1.6.3 which fixes a security issue with the
1.6.x and I kindly ask you to apply the fix for the version in debian
stable.
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
Best regards,
Martin
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages roundcube depends on:
ii dpkg 1.21.22
pn roundcube-core <none>
roundcube recommends no packages.
roundcube suggests no packages.
Severity: normal
Tags: upstream
Dear Maintainer,
upstream released version 1.6.3 which fixes a security issue with the
1.6.x and I kindly ask you to apply the fix for the version in debian
stable.
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
Best regards,
Martin
-- System Information:
Debian Release: 12.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages roundcube depends on:
ii dpkg 1.21.22
pn roundcube-core <none>
roundcube recommends no packages.
roundcube suggests no packages.
Martin Dosch
Sep 17, 2023, 3:10:04 AM9/17/23
to
Dear maintainer,
actually I chose a high priority for this issue but reportbug reduced severity to normal. Maybe someone could increase it to an appropriate severity.
Best regards,
Martin
actually I chose a high priority for this issue but reportbug reduced severity to normal. Maybe someone could increase it to an appropriate severity.
Best regards,
Martin
Guilhem Moulin
Sep 22, 2023, 4:10:05 AM9/22/23
to
Control: retitle -1 roundcube: CVE-2023-43770: XSS vulnerability in handling of linkrefs in plain text messages
On Mon, 18 Sep 2023 at 13:59:47 +0200, Guilhem Moulin wrote:
> I requested a CVE ID for this issue.
CVE-2023-43770 for this. I'll suggest debdiffs targetting {bullseye,bookworm}-
security after the week-end.
--
Guilhem.
On Mon, 18 Sep 2023 at 13:59:47 +0200, Guilhem Moulin wrote:
> I requested a CVE ID for this issue.
security after the week-end.
--
Guilhem.
Guilhem Moulin
Sep 22, 2023, 4:20:05 AM9/22/23
to
On Fri, 22 Sep 2023 at 10:56:59 +0300, Guilhem Moulin wrote:
> I'll suggest debdiffs targetting {bullseye,bookworm}-security after
> the week-end.
Oh, didn't see the Security Team tagged this as no-dsa. Will target
> I'll suggest debdiffs targetting {bullseye,bookworm}-security after
> the week-end.
{bullseye,bookworm} then.
--
Guilhem.
Guilhem Moulin
Sep 28, 2023, 11:40:05 AM9/28/23
to
On Thu, 28 Sep 2023 at 18:26:07 +0300, Martin Dosch via Pkg-roundcube-maintainers wrote:
> Are there plans to also upload it to stable-pu?
See #1052629
--
Guilhem.
> Are there plans to also upload it to stable-pu?
See #1052629
--
Guilhem.
0 new messages