Ubuntu
roundcube package

lp:ubuntu/hardy-security/roundcube

Hardy (8.04)
hardy-security

Created by James Westby on 2009-07-18 and last modified on 2009-07-18

Get this branch:: bzr branch lp:ubuntu/hardy-security/roundcube

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

9. By Andrew Starr-Bochicchio on 2009-02-19

* SECURITY UPDATE: denial of service (memory consumption) via
  crafted size parameters that are used to create a large quota
  image - CVE-2008-5620 (LP: #316550)
- debian/patches/cve-2008-5620.patch
  + Backported from Debian
* SECURITY UPDATE: allows remote attackers to execute arbitrary
  code via crafted input that is processed by the preg_replace
  function with the eval switch. - CVE-2008-56-19 (LP: #316550)
- debian/patches/cve-2008-5619.patch
  + Backport from Debian.

8. By Romain Beauxis on 2008-01-26

[ Vincent Bernat ]
* Bug fix: "CVE-2007-6321: Cross-site scripting (XSS) vulnerability",
  thanks to Micah Anderson (Closes: #455840). The patch is from
  http://lists.roundcube.net/mail-archive/dev/2007-12/0000038.html and
  provided by Robin Elfrink. It has been modified with some functions
  stolen from Squirrelmail.
* Finnish debconf template, thanks to Esko Arajärvi (Closes: #458244).

[ Romain Beauxis ]
* Added DM-Upload-Allowed: yes to control file.
* Moved po-debconf to Build-Dep since it is needed for clean
target. Thanks to lintian.

7. By Romain Beauxis on 2007-12-09

* Thightened dependencies for a safe upgrade
* Finally removed any circular dependency, -db packages no longer pull
a full roundcube install

6. By Vincent Bernat on 2007-10-29

* New upstream, thanks to Nicolas Stransky (Closes: #447503). This
release support tinymce as HTML editor. Look at README.Debian for more
information.
* Update Galician debconf template, thanks to Jacobo Tarrio (Closes: #447943).

5. By Vincent Bernat on 2007-10-14

* In respect to policy 12.3, do not put main.inc.php.dist in
/usr/share/doc, thanks to Jonas Smedegaard (Closes: #446502).
* Update German and French debconf templates, thanks to Christian
Perrier (Closes: #446458) and Helge Kreutzmann (Closes: #446532).

4. By Romain Beauxis on 2007-06-05

* Removed custom unix_timestamp for sqlite: solved upstream
* Debconf templates and debian/control reviewed by the debian-l10n-
  english team as part of the Smith review project.
  Closes: #426086, #427546, #427546
* Debconf translation updates:
  - Galician. Closes: #426140
  - Basque. Closes: #426150
  - Czech. Closes: #426428
  - Portuguese. Closes: #426451
  - Arabic. Closes: #427110
  - Italian. Closes: #427206
  - German. Closes: #427536
  - French. Closes: #427736
  - Tamil. Closes: #428254
  - Russian. Closes: #428364
  - Spanish. Closes: #428573

3. By Vincent Bernat on 2007-05-20

[ Vincent Bernat ]
* New upstream release
* Update script for sqlite in postinst
[ Romain Beauxis ]
* Fixed dh_link calls
Closes: #423824
* Added custom patch to use php unix timestamp support
with sqlite since UNIX_TIMESTAMP is not supported by sqlite.
* Dropped php4 dependencies

2. By Vincent Bernat on 2007-05-05

* Fix a security issue by disallowing access to logs.
* First upload to unstable.

1. By Vincent Bernat on 2007-05-05

Import upstream version 0.1~beta2.2~dfsg

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/karmic/roundcube

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubunturoundcube package