[Backports-security-announce] Security Update for roundcube

Holger Levsen uploaded a new package for roundcube which fixed the
following security problems:

CVE-2010-0464

 Roundcube 0.3.1 and earlier does not request that the web browser avoid
 DNS prefetching of domain names contained in e-mail messages, which makes
 it easier for remote attackers to determine the network location of the
 webmail user by logging DNS requests.

For the lenny-backports distribution (lenny), these problems have been fixed
in version 0.3.1-3~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update roundcube
manually via "apt-get -t lenny-backports install roundcube".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions&gt;

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200