Hi, On Mon, 13 May 2019 at 21:43:23 +0200, Salvatore Bonaccorso wrote: > On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote: >> Source: roundcube >> Severity: important >> Tags: security >> >> This was assigned CVE-2019-10740: >> https://github.com/roundcube/roundcubemail/issues/6638 > > The issue seems to have been adressed upstream now.
Thanks for the follow-up! AFAICT this issue is mostly irrelevant for Stretch/Buster as it's about the Enigma plugin, which depends on a PHP PEAR module (php-crypt-gpg) that's in neither release. While it might be worth fixing in a later point release, or in an upload to security-master along with the next security fix, this probably doesn't warrant a DSA does it? -- Guilhem.
signature.asc
Description: PGP signature