roundcube - Debian Package Tracker

general

source: roundcube (main)
version: 1.6.3+dfsg-1
maintainer: Debian Roundcube Maintainers (archive) (DMD)
uploaders: Guilhem Moulin [DMD] – Sandro Knauß [DMD] – Vincent Bernat [DMD]
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3.17+dfsg.1-1~deb10u2
o-o-sec: 1.3.17+dfsg.1-1~deb10u3
o-o-bpo: 1.4.13+dfsg.1-1~deb11u1~bpo10+1
oldstable: 1.4.13+dfsg.1-1~deb11u1
old-sec: 1.4.13+dfsg.1-1~deb11u1
stable: 1.6.1+dfsg-1
testing: 1.6.3+dfsg-1
unstable: 1.6.3+dfsg-1

versioned links

1.3.17+dfsg.1-1~deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.17+dfsg.1-1~deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.13+dfsg.1-1~deb11u1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.13+dfsg.1-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.3+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

roundcube
roundcube-core (8 bugs: 0, 4, 4, 0)
roundcube-mysql
roundcube-pgsql
roundcube-plugins
roundcube-sqlite3

action needed

source package has 1 unsatisfiable build dependency high

Build dependencies in unstable cannot be satisfied on amd64 because: unsatisfied dependency on node-minimatch (>= 9)

Created: 2023-09-26 Last update: 2023-09-27 03:02

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 2e34b0a9ccfc3b44d7ea14242c3faab11729e8e5
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Fri Sep 22 12:49:02 2023 +0300

    d/changelog: Retroactively mention CVE-2023-43770 for 1.6.3+dfsg-1.

Created: 2023-09-26 Last update: 2023-09-26 17:00

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

1 issue left for the package maintainer to handle:

CVE-2023-43770: (needs triaging) Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2019-15237: Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

Created: 2022-07-04 Last update: 2023-09-23 06:58

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-43770: (needs triaging) Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-09-19 Last update: 2023-09-23 06:58

debian/patches: 3 patches to forward upstream low

Among the 18 debian patches available in version 1.6.3+dfsg-1 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-09-19 00:28

news

[rss feed]

[2023-09-22] Accepted roundcube 1.3.17+dfsg.1-1~deb10u3 (source) into oldoldstable (Guilhem Moulin)
[2023-09-20] roundcube 1.6.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-09-18] Accepted roundcube 1.6.3+dfsg-1 (source) into unstable (Guilhem Moulin)
[2023-07-04] roundcube 1.6.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-07-02] Accepted roundcube 1.6.2+dfsg-1 (source) into unstable (Guilhem Moulin)
[2023-01-27] roundcube 1.6.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-01-24] Accepted roundcube 1.6.1+dfsg-1 (source) into unstable (Guilhem Moulin)
[2022-12-24] roundcube 1.6.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-12-20] Accepted roundcube 1.6.0+dfsg-2 (source) into unstable (Guilhem Moulin)
[2022-10-18] roundcube 1.6.0+dfsg-1.1 MIGRATED to testing (Debian testing watch)
[2022-10-15] Accepted roundcube 1.6.0+dfsg-1.1 (source) into unstable (Michael Biebl)
[2022-07-31] roundcube 1.6.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-07-29] Accepted roundcube 1.6.0+dfsg-1 (source) into unstable (Guilhem Moulin)
[2022-06-29] Accepted roundcube 1.6~rc+dfsg-2 (source) into experimental (Guilhem Moulin)
[2022-06-12] Accepted roundcube 1.6~rc+dfsg-1 (source) into experimental (Guilhem Moulin)
[2022-05-11] Accepted roundcube 1.6~beta+dfsg-2 (source) into experimental (Guilhem Moulin)
[2022-03-14] Accepted roundcube 1.6~beta+dfsg-1 (source) into experimental (Guilhem Moulin)
[2022-02-08] roundcube REMOVED from testing (Debian testing watch)
[2022-01-12] Accepted roundcube 1.2.3+dfsg.1-4+deb9u10 (source) into oldoldstable (Guilhem Moulin)
[2022-01-11] Accepted roundcube 1.4.13+dfsg.1-1~deb11u1~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Guilhem Moulin)
[2022-01-08] Accepted roundcube 1.3.17+dfsg.1-1~deb10u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2022-01-08] Accepted roundcube 1.4.13+dfsg.1-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2022-01-08] Accepted roundcube 1.4.13+dfsg.1-1~deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Guilhem Moulin)
[2022-01-08] Accepted roundcube 1.3.17+dfsg.1-1~deb10u2 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Guilhem Moulin)
[2021-12-15] Accepted roundcube 1.4.12+dfsg.1-1~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Guilhem Moulin)
[2021-12-07] roundcube 1.5.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2021-12-06] Accepted roundcube 1.2.3+dfsg.1-4+deb9u9 (source) into oldoldstable (Markus Koschany)
[2021-12-04] Accepted roundcube 1.5.1+dfsg-1 (source) into unstable (Guilhem Moulin)
[2021-11-29] Accepted roundcube 1.3.17+dfsg.1-1~deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)
[2021-11-29] Accepted roundcube 1.4.12+dfsg.1-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Guilhem Moulin)

bugs [bug history graph]

all: 10
RC: 0
I&N: 5
M&W: 5
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, debcheck
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (99, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.6.2+dfsg-1
76 bugs