| Summary: | <mail-client/roundcube-1.1.2: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | hydrapolic, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/07/06/10 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-07-14 10:04:32 UTC
For 1.0.6, I just renamed the ebuild and compiled. It's been working fine for about a month.

Same here.

Any progress here please? It's a trivial bump for 1.0.6.

Tomas: I think all the attention is going to 1.1.1. I simply updated my local tree with a renamed 1.0.5 ebuild for 1.0.6

1.0.6 in the tree, 1.1.2 will come later. Arches please stabilize.

amd64 stable

x86 stable

ppc stable

arm stable, all arches done.

I'll add arches in a day or so to make sure no issues crop up.

commit c20f39cdcba8d3f75fcd7d6c09e80d2ee0655e40
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date: Wed Dec 9 07:44:37 2015 -0500

mail-client/roundcube: Version bump, security, and bug fixes

Added two use flags controlling optional dependencies to support the enigma and sieverules plugins.

Added REQUIRED_USE as one of postgres, mysql, or sqlite must be enabled. Roundcube requires a database to operate. As the ebuild uses this now, removed the default enable on the mysql USE flag.

Added POST-UPGRADE.txt which is just a shortened version of the UPGRADE text from upstream.

Dropped arm and ppc64 keywords as one dependency, dev-php/PEAR-Net_LDAP2, currently lacks matching keywords for those architectures.

Bug: 541172, 545096, 524192, 564476, 565204, 53284
Package-Manager: portage-2.2.20.1

commit fddb2b8c50395843639b43ea9a908a94bc887924
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date: Thu Jan 21 08:51:17 2016 -0500

mail-client/roundcube: Remove Insecure Versions

Removed insecure versions 1.0.5, 1.0.6, and 1.1.3.

Bug: 554866, 564476, 570336
Package-Manager: portage-2.2.26

Assigned to GLSA 74a1a7303

This issue was resolved and addressed in GLSA 201603-03 at https://security.gentoo.org/glsa/201603-03 by GLSA coordinator Sergey Popov (pinkbyte).