Your message dated Wed, 18 Dec 2019 00:20:22 +0000
with message-id <[email protected]>
and subject line Bug#927713: fixed in roundcube 1.3.10+dfsg.1-1
has caused the Debian Bug report #927713,
regarding CVE-2019-10740
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
927713: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: roundcube
Severity: important
Tags: security
This was assigned CVE-2019-10740:
https://github.com/roundcube/roundcubemail/issues/6638
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: roundcube
Source-Version: 1.3.10+dfsg.1-1
We believe that the bug you reported is fixed in the latest version of
roundcube, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Beowulf <[email protected]> (supplier of updated roundcube package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Dec 2019 00:26:48 +0100
Source: roundcube
Architecture: source
Version: 1.3.10+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Roundcube Maintainers
<[email protected]>
Changed-By: Beowulf <[email protected]>
Closes: 897014 898068 918126 923142 927713
Changes:
roundcube (1.3.10+dfsg.1-1) unstable; urgency=medium
.
* New upstream release: (Closes: #927713)
- Fixes CVE-2019-10740
.
[ Guilhem Moulin ]
* Backport fix for CVE-2018-1000071: Insecure Permissions vulnerability in
enigma plugin that can result in exfiltration of gpg private key.
https://github.com/roundcube/roundcubemail/issues/6173 (Closes: #897014)
* New upstream release (1.3.9). (Closes: #898068)
* d/roundcube-core.config: Honor debconf setting roundcube/language, by
skipping the relevant part at pre-configure stage. (Closes: #923142)
* d/roundcube-core.postinst: Create temporary configuration file atomically.
* d/upstream/signing-key.asc: Minimize OpenPGP certificate.
* Add new plugins to roundcube-plugins: 'attachment_reminder' (closes:
#918126), 'example_addressbook', 'identicon', 'identity_select' and
'redundant_attachments'.
* d/control: Bump Standards-Version to 4.3.0 (no changes needed).
Checksums-Sha1:
43fa63523cc1ff8066ba47f21494cfed2369c74d 2480 roundcube_1.3.10+dfsg.1-1.dsc
e90754f1ed9d2195bef1d1faea5c338b300bc20a 2185372
roundcube_1.3.10+dfsg.1.orig.tar.xz
7388b896dd65013911ab3c7f56791ae028826109 3053916
roundcube_1.3.10+dfsg.1-1.debian.tar.xz
4e22bf0626b77cba96bed3bc458a4fad4b6cfe6b 9429
roundcube_1.3.10+dfsg.1-1_source.buildinfo
Checksums-Sha256:
01318705b13d631ce74e921327f023ff057ae85ef43b05714457ad368d2b606f 2480
roundcube_1.3.10+dfsg.1-1.dsc
8ca8734569af59ee4caca769a47572ef3cc553bd8a1683922137b82c486e4dcb 2185372
roundcube_1.3.10+dfsg.1.orig.tar.xz
41662b710c13940234f33cfc73a79d80e7398b2babc6297630f78eec57215eae 3053916
roundcube_1.3.10+dfsg.1-1.debian.tar.xz
0d7ad785d16961ddb77c6538d24a6573a99fd9c9d8bb1a35595e0c9b81d4008d 9429
roundcube_1.3.10+dfsg.1-1_source.buildinfo
Files:
f1ec3fc9a06f6295f6470e3a65dc927e 2480 web optional
roundcube_1.3.10+dfsg.1-1.dsc
a2727cb5b5d2646eaea430aea1bb204e 2185372 web optional
roundcube_1.3.10+dfsg.1.orig.tar.xz
f88daa63a11ebbd32ca26d8077d7c449 3053916 web optional
roundcube_1.3.10+dfsg.1-1.debian.tar.xz
9e00b2160cc6d66b7a7c825c674259e2 9429 web optional
roundcube_1.3.10+dfsg.1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEOewRoCAWtykmSRoG462wCFBgVjYFAl35anARHGhlZmVlQGRl
Ymlhbi5vcmcACgkQ462wCFBgVjah+Q//fOxBJMOusuQF+Qib8AkaHrHFnNVMtoRt
02ntimphuEDwNz2/4K03AKprerZ/6WtJuc7zJnqSs+CAFINVKio3vPV8OGOTvXUq
oTa/Z1EELDaSCp4NvIDanlFmLvm6MOfxWIvSEMt4vwSKq7WuFNBepPcxj1K7Y7jt
R3nxLTiPp8ZM3PD2KgOkpeURjnSmFrENFJhjs8OamOV7E8o/tpMZkc4tBo68ZRwB
hsjyyhGnozAk0p8HPsTvLPZC8FhWeRwZXxdFjstgbeCcZ3Mxhdo1zm6UeaH7LIgM
Q3eQsqSoOV4zw7EKRFxVFPGE4TAWiTdqqGmK55DrGVXyCrMkyDWxikTlDk7gWcr/
HKPdsGOBklDQKDwruZOeYSQtlB0Guh6ItGoo4xhsB7JgIzSpNhA6sL2twMIMaor0
DMmtssCU2DA3rSCnKVkrmV5tOQBiblwWlfWQxwDG/MJiNrzxtSC7FFmZ5y3Az8SL
mfUigaLIh4O6lA11E+dGVe/kJtsm1YTTF2sIFybIkpy3fxSmptGvvqW9R7Yj/fZH
u/0z1QsdOHl2AEI1VHUCoEnlWmZqhS6gpQ2RwEneF5l+kh6wtDeaxHuHK9VW210x
6SdbJzb19K5/vq7EZmZ3a1/16cTQDlLcnBlzmN7wRiOeguQcSBTtp/rHitqsc6lx
xTOCu6XKMuQ=
=e/r+
-----END PGP SIGNATURE-----
--- End Message ---
