Debian Package Tracker

general

source: roundcube (main)
version: 1.4.3+dfsg.1-1
maintainer: Debian Roundcube Maintainers (archive) (DMD)
uploaders: Vincent Bernat [DMD] – Sandro Knauß [DMD] – Guilhem Moulin [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.2.3+dfsg.1-4+deb9u3
old-sec: 1.2.3+dfsg.1-4+deb9u3
stable: 1.3.10+dfsg.1-1~deb10u1
testing: 1.4.2+dfsg.1-2
unstable: 1.4.3+dfsg.1-1

versioned links

1.2.3+dfsg.1-4+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.10+dfsg.1-1~deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.2+dfsg.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.3+dfsg.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

roundcube (13 bugs: 0, 6, 7, 0)
roundcube-core
roundcube-mysql
roundcube-pgsql
roundcube-plugins
roundcube-sqlite3

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2019-15237: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

Please fix it.

Created: 2019-07-07 Last update: 2020-02-24 11:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-15237: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

Please fix it.

Created: 2019-04-07 Last update: 2020-02-24 11:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-02-27 08:02

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-02-03 Last update: 2020-02-27 03:34

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 8652d5f8c01161266eeff73103df49c4b8666f7e
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Mon Feb 24 07:22:20 2020 +0100

    d/roundcube-core.postinst: improve wording in comments

Created: 2020-02-23 Last update: 2020-02-24 09:36

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-15237: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

Please fix it.

Created: 2019-04-07 Last update: 2020-02-24 11:30

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2019-15237: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
CVE-2018-19205: Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
CVE-2019-10740: In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Please fix them.

Created: 2018-11-12 Last update: 2020-02-24 11:30

testing migrations

excuses:
- Migration status for roundcube (1.4.2+dfsg.1-2 to 1.4.3+dfsg.1-1): Waiting for test results, another package or too young (no action required now - check later)
- Issues preventing migration:
- Too young, only 3 of 5 days old
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/r/roundcube.html
- Not considered

news

[rss feed]

[2020-02-24] Accepted roundcube 1.4.3+dfsg.1-1 (source) into unstable (Debian FTP Masters) (signed by: Guilhem Moulin)
[2020-02-03] roundcube 1.4.2+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2020-01-29] Accepted roundcube 1.4.2+dfsg.1-2 (source) into unstable (Debian FTP Masters) (signed by: Guilhem Moulin)
[2020-01-25] Accepted roundcube 1.3.10+dfsg.1-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Sandro Knauß)
[2020-01-12] roundcube 1.4.2+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2020-01-01] Accepted roundcube 1.4.2+dfsg.1-1 (source) into unstable (Guilhem Moulin)
[2019-12-27] Accepted roundcube 1.4.1+dfsg.1-2 (source) into unstable (Guilhem Moulin)
[2019-12-23] roundcube 1.3.10+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2019-12-18] Accepted roundcube 1.4.1+dfsg.1-1 (source) into experimental (Guilhem Moulin)
[2019-12-18] Accepted roundcube 1.3.10+dfsg.1-1 (source) into unstable (Beowulf) (signed by: Sandro Knauß)
[2019-06-11] Accepted roundcube 1.4~rc1+dfsg.2-1 (source) into experimental (Guilhem Moulin)
[2018-11-28] Accepted roundcube 1.2.3+dfsg.1-4+deb9u3 (source all) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2018-11-24] Accepted roundcube 1.2.3+dfsg.1-4+deb9u3 (source all) into stable->embargoed, stable (Guilhem Moulin)
[2018-11-10] roundcube 1.3.8+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2018-11-05] Accepted roundcube 1.3.8+dfsg.1-2 (source all) into unstable (Guilhem Moulin)
[2018-11-03] Accepted roundcube 1.3.8+dfsg.1-1 (source all) into unstable (Guilhem Moulin)
[2018-04-30] Accepted roundcube 1.2.3+dfsg.1-4+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2018-04-28] Accepted roundcube 1.2.3+dfsg.1-4+deb9u2 (source all) into stable->embargoed, stable (Guilhem Moulin)
[2018-04-20] roundcube 1.3.6+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2018-04-14] Accepted roundcube 1.3.6+dfsg.1-1 (source all) into unstable (Guilhem Moulin)
[2017-11-28] Accepted roundcube 0.7.2-9+deb7u9 (source all) into oldoldstable (Roberto C. Sanchez)
[2017-11-25] roundcube 1.3.3+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2017-11-20] Accepted roundcube 1.3.3+dfsg.1-2 (source all) into unstable (Guilhem Moulin)
[2017-11-12] Accepted roundcube 1.2.3+dfsg.1-4+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2017-11-11] roundcube 1.3.3+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted roundcube 1.3.3+dfsg.1-1 (source all) into unstable (Guilhem Moulin)
[2017-09-16] roundcube 1.3.1+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-09-10] Accepted roundcube 1.3.1+dfsg.1-1 (source) into unstable (Sandro Knauß)
[2017-08-28] roundcube 1.3.0+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-08-22] Accepted roundcube 1.3.0+dfsg.1-1 (source) into unstable (Sandro Knauß)

bugs [bug history graph]

all: 14
RC: 0
I&N: 7
M&W: 7
F&P: 0
patch: 1

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots
l10n (98, -)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.3+dfsg.1-1
61 bugs