[Git][security-tracker-team/security-tracker][master] Reserve DSA for roundcube update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4936279e by Salvatore Bonaccorso at 2018-04-27T10:35:36+02:00
Reserve DSA for roundcube update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8141,6 +8141,7 @@ CVE-2018-1000072 (iRedMail version prior to commit 
f04b8ef contains a Insecure .
        NOT-FOR-US: iRedMail
 CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure 
Permissions ...)
        - roundcube <unfixed> (unimportant; bug #897014)
+       [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
        NOTE: https://github.com/roundcube/roundcubemail/issues/6173
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5
        NOTE: 
https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,6 @@
+[27 Apr 2018] DSA-4181-1 roundcube - security update
+       {CVE-2018-9846}
+       [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
 [25 Apr 2018] DSA-4180-1 drupal7 - security update
        {CVE-2018-7602}
        [jessie] - drupal7 7.32-1+deb8u12


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -88,10 +88,6 @@ ruby2.3/stable
   Santiago will prepare an update
   work-in-progress: 
https://salsa.debian.org/ruby-team/ruby/tree/stretch-security-wip
 --
-roundcube (carnil)
-  Guilhem Moulin proposed an update in https://bugs.debian.org/895184, needs 
review and ack
-  Update should include as well the no-dsa tagged fix for CVE-2018-1000071
---
 sdl-image1.2
   Felix Geyer (debfx) working on updates
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4936279e43dbc1a36c8799ccc6e74247c7d1bd5d

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4936279e43dbc1a36c8799ccc6e74247c7d1bd5d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits