[Pkg-roundcube-maintainers] CVE-2023-47272/roundcube: {bullseye, bookworm}-security uploads
Sébastien Delafond
seb at debian.org
Fri Dec 1 06:56:27 GMT 2023
On Thu, Nov 30 2023, Sébastien Delafond wrote:
> On Tue, Nov 28 2023, Guilhem Moulin wrote:
>> I'd like to propose the attach debdiffs to fix CVE-2023-47272/roundcube.
>>
>> Bullseye and Bookworm have respectively been following upstream's LTS
>> (1.4) and stable (1.6) branch. Upstream has not released 1.4.16 yet so
>> I backported the fix from the release-1.4 branch for Bullseye. However
>> for Bookworm I imported new bugfix/security upstream release 1.6.5 like
>> for previous security fixes.
>>
>> Both 1.4.15+dfsg.1-1~deb11u2 and 1.6.5+dfsg-1~deb12u1 have been tested.
>> (Also upstream's new unit tests are run at build time.)
>
> thanks for the debdiffs, I'll review them shortly.
They both look good, please upload to security-master (the bookworm one
will need to be built with -sa).
Cheers,
--
Seb
More information about the Pkg-roundcube-maintainers
mailing list