Updated roundup packages has been released for Debian GNU/Linux 8 LTS
Package : roundup
Version : 1.4.20-1.1+deb8u2
CVE ID : CVE-2019-10904
Hanno Böck was discovered that there was a cross-site scripting
(XSS) vulnerability in the web front-end of the roundup issue-
tracking system.
For Debian 8 "Jessie", this issue has been fixed in roundup version
1.4.20-1.1+deb8u2.
We recommend that you upgrade your roundup packages.