On 09.12.2016 11:23, Chris Lamb wrote: > Hi Christoph, > >> will there also be a fixed wheezy-backports version? It is at 0.9.5. > > As this CVE/DLA is still fresh in my mind, I've gone ahead and uploaded a > 0.9.5-1~bpo70+1.1 to wheezy-backports. > > Enjoy :) >
Hi, I cannot really recommend to use the wheezy-backports version of roundcube. It is still affected by all the other security vulnerabilities from the past. We had already talked about this to the maintainers but they didn't take action to request its removal from Debian. I wonder if we should do it now? Regards, Markus
signature.asc
Description: OpenPGP digital signature
