Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in RoundCube Webmail
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in RoundCube Webmail
ID: FEDORA-2015-6e299214b8
Distribution: Fedora
Plattformen: Fedora 23
Datum: Do, 7. Januar 2016, 21:59
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1269155

Originalnachricht

Name        : roundcubemail
Product : Fedora 23
Version : 1.1.4
Release : 2.fc23
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

-------------------------------------------------------------------------------
-
Update Information:

**Release 1.1.4** - Add workaround for https://bugs.php.net/bug.php?id=70757
(#1490582) - Fix duplicate messages in list and wrong count after delete
(#1490572) - Fix so Installer requires PHP5 - Make brute force attacks harder
by
re-generating security token on every failed login (#1490549) - Slow down
brute-
force attacks by waiting for a second after failed login (#1490549) - Fix
.htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail
view
scaling on iOS (#1490551) - Fix so database_attachments::cleanup() does not
remove attachments from other sessions (#1490542) - Fix responses list update
issue after response name change (#1490555) - Fix bug where message preview was
unintentionally reset on check-recent action (#1490563) - Fix bug where HTML
messages with invalid/excessive css styles couldn't be displayed (#1490539)
-
Fix redundant blank lines when using HTML and top posting (#1490576) - Fix
redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) -
Fix
invalid LDAP query in ACL user autocompletion (#1490591) - Fix regression in
displaying contents of message/rfc822 parts (#1490606) - Fix handling of
message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support
detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability
(CWE-22)
in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient
addresses) on compose page actually works (#1490619) **Packaging changes:** *
add .log suffix to all log file names, and rotate them all (may requires to
switch back to provided logrotate configuration)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1269164 - Logrotate configuration /etc/logrotate.d/roundcubemail
is incomplete and should not contain "create"
https://bugzilla.redhat.com/show_bug.cgi?id=1269164
[ 2 ] Bug #1269155 - Insecure permissions of /var/lib/roundcubemail and
/var/log/roundcubemail
https://bugzilla.redhat.com/show_bug.cgi?id=1269155
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung