Hi, On Thu, 09 Jul 2020 at 16:53:03 +0200, Mirko Vogt wrote: > Can I do anything to push this being fixed or workaround this myself > without weakening my setup security wise? Thanks!
The bug metadata say: Found in versions roundcube-core/1.2.3+dfsg.1-4+deb9u3, roundcube-core/1.3.13+dfsg.1-1~deb10u1, roundcube-core/1.3.10+dfsg.1-1~deb10u1 Fixed in versions roundcube-core/1.4.3+dfsg.1-1 So right now versions in testing, sid, and buster-backports are unaffected, while those in buster, buster-security and stretch and stretch-security (or anything earlier) are affected. Some work has been done in the postinst script in 1.4 so the fix doesn't apply to 1.3.14+dfsg.1-1~deb10u1. It might be possible to write a targeted patch and convince the release team to accept it as a stable-proposed-updates, but I personally don't plan to work on that. -- Guilhem.
signature.asc
Description: PGP signature
