Hi Claude, On Mon, 02 Jan 2017 at 23:32:01 +0100, Claude Heiland-Allen wrote: > Package: roundcube > Version: 1.1.5+dfsg.1-1~bpo8+2 > Severity: grave > Justification: renders package unusable
I believe this was fixed upstream in 1.2.0
https://github.com/roundcube/roundcubemail/commit/8447bae77c19a2350bd48b0f0c5b3a56a35c7af9#diff-6678ea2316550af087f1ae7115a3398eL71
If that's indeed the case, we should lower the severity as if this bug
doesn't apply to 1.2.3+dfsg.1-1 it shouldn't prevent its inclusion in
Stretch.
> Regular maintainance aptitude safe-upgrade pulled a new version of roundcube
> from jessie-backports which failed to install. Here is the log:
Upgrading from which version? 1.1.5+dfsg.1-1~bpo8+2 differs from
1.1.5+dfsg.1-1~bpo8+1 (the previous version found in jessie-backports)
only by the fix to CVE-2016-9920.
> PHP Fatal error: Uncaught Error: Class 'Patchwork\Utf8\Bootup' not
> found in /usr/share/roundcube/program/include/iniset.php:81
> Stack trace:
> #0 /usr/share/roundcube/program/include/clisetup.php(26): require_once()
> #1 /usr/share/roundcube/bin/update.sh(31):
> require_once('/usr/share/roun...')
> #2 {main}
> thrown in /usr/share/roundcube/program/include/iniset.php on line 81
This line is only run when the function ‘utf8_encode’ doesn't exist, but
oddly enough it seems to belong to core. Does the following command
outputs anything on your machine?
php -r 'if (!function_exists("utf8_encode")) { die("no such function\n"); }'
--
Guilhem.
signature.asc
Description: PGP signature
