hm... the new roundcube version seems to fix a number of CVE's, either through upstream changes or through debian changes. Rolling it back would mean to take care of these, and to diverge from upstream/unstable quite a bit (and hence probably not being able to cherry-pick easily there, in case of more problems)
php-mdb2, php-mdb2-driver-{psql,mysql} don't have any bugreports in unstable, I guess my slightly preferred route would be to convince archive admins that we want it, and to get these in.
But I must admit, that I'm also not 100% comfortable with adding new packages that late, but I'm also not too comfortable with having to backport all CVE fixes to an earlier version.
hm... the new roundcube version seems to fix a number of CVE's, either through upstream changes or through debian changes. Rolling it back would mean to take care of these, and to diverge from upstream/unstable quite a bit (and hence probably not being able to cherry-pick easily there, in case of more problems)
php-mdb2, php-mdb2- driver- {psql,mysql} don't have any bugreports in unstable, I guess my slightly preferred route would be to convince archive admins that we want it, and to get these in.
But I must admit, that I'm also not 100% comfortable with adding new packages that late, but I'm also not too comfortable with having to backport all CVE fixes to an earlier version.