[ubuntu/bionic-proposed] roundcube 1.3.6+dfsg.1-1 (Accepted)
Jeremy Bicha
jeremy at bicha.net
Sun Apr 15 22:16:40 UTC 2018
roundcube (1.3.6+dfsg.1-1) unstable; urgency=medium
* New upstream release. (Closes: #883620).
+ Includes fix for CVE-2018-9846: When the archive plugin enabled and
configured, it's possible to exploit the unsanitized, user-controlled
"_uid" parameter to perform an MX (IMAP) injection attack.
(Closes: #895184).
+ Upgrade OpenPGP.js from 1.6.2 to 2.6.2.
* debian/control:
+ Bump Standards-Version to 4.1.4 (no changes needed).
+ Remove dependency on 'php-mcrypt' package, which is no longer needed
since Roundcube 1.2. (Closes: #895100).
* debian/patches/*.patch: Remove files not mentioned in series:
+ correct-magic-path.patch
+ disable-dns-prefetch.patch
+ dont-limit-email-local-part.patch
+ fix-599586.patch
+ install-jsdeps.sh
+ received-headers-sa.patch
+ too-old-mdb2.patch
+ use-debian-jquery-ui.patch
+ uuencoded-attachments.patch
* debian/roundcube-core.postinst: Use non-recursive calls to chown(1) and
chmod(1).
Date: 2018-04-14 22:40:31.286700+00:00
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/roundcube/1.3.6+dfsg.1-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list