Hi Guilhem,

On Mon, Jan 03, 2022 at 09:57:29AM +0100, Guilhem Moulin wrote:
> Control: notfixed -1 1.5.1+dfsg-1
> Control: found -1 1.5.1+dfsg-1
>
> Hi Salvatore!
>
> On Mon, 03 Jan 2022 at 09:47:28 +0100, Salvatore Bonaccorso wrote:
> > On Sun, Jan 02, 2022 at 10:50:25PM +0100, Guilhem Moulin wrote:
> >> Package: roundcube
> >> Severity: important
> >> Tags: security
> >> Control: found -1 1.3.17+dfsg.1-1~deb10u1
> >> Control: found -1 1.4.12+dfsg.1-1~deb11u1
> >> Control: fixed -1 1.5.1+dfsg-1
> >
> >                   ^^^^^^^^^^^^
> >
> > Is this correct with the 1.5.1+dfsg-1 version? The release notes say
> > that it is fixed in 1.5.2 upstream. Asking for clarifying the
> > tracking.
>
> Oops sorry wrong copy-paste, well spotted! I'll propose uploads for
> buster- and bullseye-security later today; meanwhile perhaps you or
> another Security Team member would like to assign a CVE number for this?
> Then I'll have the proper d/changelog right away :-)
>
> I'm planning to upload 1.5.2+dfsg-1 to sid later today too, but note
> that it won't enter testing because 1.5 is not fully compatible with PHP
> 8.1.

Thank you. I have requested a CVE, will update this bug once/if one is
assigned.

Regards,
Salvatore