Sorry, I don't have enough knowledge of Roundcube to figure out the relevant fixes for CVE-2013-5645, which was fixed in Debian by updating the package to 0.9.4-1. CVE-2013-6172 was fixed with https://github.com/roundcube/roundcubemail/commit/70c7df8faa5a9023a2773dc5a38932f1ad3a84aa applied on top of that.
Sorry, I don't have enough knowledge of Roundcube to figure out the relevant fixes for CVE-2013-5645, which was fixed in Debian by updating the package to 0.9.4-1. CVE-2013-6172 was fixed with https:/ /github. com/roundcube/ roundcubemail/ commit/ 70c7df8faa5a902 3a2773dc5a38932 f1ad3a84aa applied on top of that.