A Remote Code Execution Vulnerability has been discovered, and will be disclosed on: January 11, 2016
commit 8a3bcf93eba9de75950be6b0cf1c09b3edf36171
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date: Thu Jan 14 13:45:54 2016 -0500

    mail-client/roundcube: Version Bump

    Version bump fixes bug 570834 and addresses multiple security bugs.

    Bug: 570834,564476,570336
    Package-Manager: portage-2.2.20.1

Stabilization targets:
=mail-client/roundcube-1.1.4 ~amd64 ~hppa ~ppc ~sparc ~x86

Stabilization targets pending resolution of 571920:
=mail-client/roundcube-1.1.4 ~arm ~ppc64
ppc stable
Why is PPC64 even here?
Same for HPPA.
x86 done
arm stable
sparc has nothing to do here
amd64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
commit fddb2b8c50395843639b43ea9a908a94bc887924
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date: Thu Jan 21 08:51:17 2016 -0500

    mail-client/roundcube: Remove Insecure Versions

    Removed insecure versions 1.0.5, 1.0.6, and 1.1.3.

    Bug: 554866, 564476, 570336
    Package-Manager: portage-2.2.26
New GLSA request filed
CVE has been published. Removing block as this is all in one GLSA across multiple versions.
This issue was resolved and addressed in GLSA 201603-03 at https://security.gentoo.org/glsa/201603-03 by GLSA coordinator Sergey Popov (pinkbyte).