Publishing details
Changelog
roundcube (1.3.6+dfsg.1-1) unstable; urgency=medium
* New upstream release. (Closes: #883620).
+ Includes fix for CVE-2018-9846: When the archive plugin enabled and
configured, it's possible to exploit the unsanitized, user-controlled
"_uid" parameter to perform an MX (IMAP) injection attack.
(Closes: #895184).
+ Upgrade OpenPGP.js from 1.6.2 to 2.6.2.
* debian/control:
+ Bump Standards-Version to 4.1.4 (no changes needed).
+ Remove dependency on 'php-mcrypt' package, which is no longer needed
since Roundcube 1.2. (Closes: #895100).
* debian/patches/*.patch: Remove files not mentioned in series:
+ correct-magic-path.patch
+ disable-dns-prefetch.patch
+ dont-limit-email-local-part.patch
+ fix-599586.patch
+ install-jsdeps.sh
+ received-headers-sa.patch
+ too-old-mdb2.patch
+ use-debian-jquery-ui.patch
+ uuencoded-attachments.patch
* debian/roundcube-core.postinst: Use non-recursive calls to chown(1) and
chmod(1).
-- Guilhem Moulin <email address hidden> Sat, 14 Apr 2018 20:52:38 +0200
Builds
Built packages
-
roundcube
skinnable AJAX based webmail solution for IMAP servers - metapackage
-
roundcube-core
skinnable AJAX based webmail solution for IMAP servers
-
roundcube-mysql
metapackage providing MySQL dependencies for RoundCube
-
roundcube-pgsql
metapackage providing PostgreSQL dependencies for RoundCube
-
roundcube-plugins
skinnable AJAX based webmail solution for IMAP servers - plugins
-
roundcube-sqlite3
metapackage providing SQLite dependencies for RoundCube
Package files