Comment 6 for bug 1256293

Sorry, I don't have enough knowledge of Roundcube to figure out the relevant fixes for CVE-2013-5645, which was fixed in Debian by updating the package to 0.9.4-1. CVE-2013-6172 was fixed with https://github.com/roundcube/roundcubemail/commit/70c7df8faa5a9023a2773dc5a38932f1ad3a84aa applied on top of that.