Bug#927713: CVE-2019-10740
Hi Guilhem On Tue, May 14, 2019 at 02:05:31AM +0200, Guilhem Moulin wrote: > Hi, > > On Mon, 13 May 2019 at 21:43:23 +0200, Salvatore Bonaccorso wrote: > > On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote: > >> Source: roundcube > >> Severity: important > >> Tags: security > >> > >> This was assigned CVE-2019-10740: > >> https://github.com/roundcube/roundcubemail/issues/6638 > > > > The issue seems to have been adressed upstream now. > > Thanks for the follow-up! AFAICT this issue is mostly irrelevant for > Stretch/Buster as it's about the Enigma plugin, which depends on a PHP > PEAR module (php-crypt-gpg) that's in neither release. > > While it might be worth fixing in a later point release, or in an upload > to security-master along with the next security fix, this probably > doesn't warrant a DSA does it? Ack, right! I have updated the security-tracker accordingly! Regards, Salvatore
Bug#927713: CVE-2019-10740
Hi, On Mon, 13 May 2019 at 21:43:23 +0200, Salvatore Bonaccorso wrote: > On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote: >> Source: roundcube >> Severity: important >> Tags: security >> >> This was assigned CVE-2019-10740: >> https://github.com/roundcube/roundcubemail/issues/6638 > > The issue seems to have been adressed upstream now. Thanks for the follow-up! AFAICT this issue is mostly irrelevant for Stretch/Buster as it's about the Enigma plugin, which depends on a PHP PEAR module (php-crypt-gpg) that's in neither release. While it might be worth fixing in a later point release, or in an upload to security-master along with the next security fix, this probably doesn't warrant a DSA does it? -- Guilhem. signature.asc Description: PGP signature
Bug#927713: CVE-2019-10740
Hi, On Sun, Apr 21, 2019 at 10:25:22PM +0200, Moritz Muehlenhoff wrote: > Source: roundcube > Severity: important > Tags: security > > This was assigned CVE-2019-10740: > https://github.com/roundcube/roundcubemail/issues/6638 The issue seems to have been adressed upstream now. Regards, Salvatore
Bug#927713: CVE-2019-10740
Source: roundcube Severity: important Tags: security This was assigned CVE-2019-10740: https://github.com/roundcube/roundcubemail/issues/6638 Cheers, Moritz