Debian Package Tracker

general

source: roundcube (main)
version: 1.3.8+dfsg.1-2
maintainer: Debian Roundcube Maintainers (archive) [DMD]
uploaders: Vincent Bernat [DMD] – Guilhem Moulin [DMD] – Sandro Knauß [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1.2.3+dfsg.1-4+deb9u3
stable-sec: 1.2.3+dfsg.1-4+deb9u3
testing: 1.3.8+dfsg.1-2
unstable: 1.3.8+dfsg.1-2

versioned links

1.2.3+dfsg.1-4+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.8+dfsg.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

roundcube
roundcube-core
roundcube-mysql
roundcube-pgsql
roundcube-plugins
roundcube-sqlite3

action needed

A new upstream version is available: 1.4~beta high

A new upstream version 1.4~beta is available, you should consider packaging it.

Created: 2018-07-28 Last update: 2019-05-20 16:37

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-10740: In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Please fix it.

Created: 2019-04-07 Last update: 2019-05-14 07:13

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-05-20 16:05

Depends on packages which need a new maintainer normal

The packages that roundcube depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2
lighttpd (#898110)
- Recommends: lighttpd

Created: 2018-05-07 Last update: 2019-05-20 14:06

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-10740: In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Please fix it.

Created: 2019-04-07 Last update: 2019-05-14 07:13

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2018-19205: Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
CVE-2019-10740: In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Please fix them.

Created: 2018-11-12 Last update: 2019-05-14 07:13

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:15

news

[rss feed]

[2018-11-28] Accepted roundcube 1.2.3+dfsg.1-4+deb9u3 (source all) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2018-11-24] Accepted roundcube 1.2.3+dfsg.1-4+deb9u3 (source all) into stable->embargoed, stable (Guilhem Moulin)
[2018-11-10] roundcube 1.3.8+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2018-11-05] Accepted roundcube 1.3.8+dfsg.1-2 (source all) into unstable (Guilhem Moulin)
[2018-11-03] Accepted roundcube 1.3.8+dfsg.1-1 (source all) into unstable (Guilhem Moulin)
[2018-04-30] Accepted roundcube 1.2.3+dfsg.1-4+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2018-04-28] Accepted roundcube 1.2.3+dfsg.1-4+deb9u2 (source all) into stable->embargoed, stable (Guilhem Moulin)
[2018-04-20] roundcube 1.3.6+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2018-04-14] Accepted roundcube 1.3.6+dfsg.1-1 (source all) into unstable (Guilhem Moulin)
[2017-11-28] Accepted roundcube 0.7.2-9+deb7u9 (source all) into oldoldstable (Roberto C. Sanchez)
[2017-11-25] roundcube 1.3.3+dfsg.1-2 MIGRATED to testing (Debian testing watch)
[2017-11-20] Accepted roundcube 1.3.3+dfsg.1-2 (source all) into unstable (Guilhem Moulin)
[2017-11-12] Accepted roundcube 1.2.3+dfsg.1-4+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Guilhem Moulin)
[2017-11-11] roundcube 1.3.3+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-11-09] Accepted roundcube 1.3.3+dfsg.1-1 (source all) into unstable (Guilhem Moulin)
[2017-09-16] roundcube 1.3.1+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-09-10] Accepted roundcube 1.3.1+dfsg.1-1 (source) into unstable (Sandro Knauß)
[2017-08-28] roundcube 1.3.0+dfsg.1-1 MIGRATED to testing (Debian testing watch)
[2017-08-22] Accepted roundcube 1.3.0+dfsg.1-1 (source) into unstable (Sandro Knauß)
[2017-07-27] Accepted roundcube 0.7.2-9+deb7u8 (source all) into oldoldstable (Markus Koschany)
[2017-06-06] Accepted roundcube 1.1.5+dfsg.1-1~bpo8+5 (source all) into jessie-backports->backports-policy, jessie-backports (Guilhem Moulin) (signed by: Vincent Bernat)
[2017-05-12] roundcube 1.2.3+dfsg.1-4 MIGRATED to testing (Debian testing watch)
[2017-05-07] Accepted roundcube 0.7.2-9+deb7u7 (source all) into oldstable (Markus Koschany)
[2017-05-02] Accepted roundcube 1.2.3+dfsg.1-4 (source all) into unstable (Guilhem Moulin) (signed by: Vincent Bernat)
[2017-03-17] roundcube 1.2.3+dfsg.1-3 MIGRATED to testing (Debian testing watch)
[2017-03-14] Accepted roundcube 1.1.5+dfsg.1-1~bpo8+4 (source all) into jessie-backports->backports-policy, jessie-backports (Guilhem Moulin) (signed by: Vincent Bernat)
[2017-03-14] Accepted roundcube 1.2.3+dfsg.1-3 (source all) into unstable (Guilhem Moulin) (signed by: Vincent Bernat)
[2017-03-14] Accepted roundcube 1.2.3+dfsg.1-2 (source all) into unstable (Guilhem Moulin) (signed by: Vincent Bernat)
[2017-03-13] Accepted roundcube 0.7.2-9+deb7u6 (source all) into oldstable (Markus Koschany)
[2016-12-27] roundcube 1.2.3+dfsg.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 26
RC: 0
I&N: 19
M&W: 7
F&P: 0
patch: 1

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3.8+dfsg.1-2
61 bugs