drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in RoundCube Webmail
Name: |
Mehrere Probleme in RoundCube Webmail |
|
ID: |
FEDORA-2015-6e299214b8 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 23 |
|
Datum: |
Do, 7. Januar 2016, 21:59 |
|
Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=1269155 |
|
Applikationen: |
RoundCube Webmail |
|
Originalnachricht |
Name : roundcubemail Product : Fedora 23 Version : 1.1.4 Release : 2.fc23 URL : http://www.roundcube.net Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2.
------------------------------------------------------------------------------- - Update Information:
**Release 1.1.4** - Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582) - Fix duplicate messages in list and wrong count after delete (#1490572) - Fix so Installer requires PHP5 - Make brute force attacks harder by re-generating security token on every failed login (#1490549) - Slow down brute- force attacks by waiting for a second after failed login (#1490549) - Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail view scaling on iOS (#1490551) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) - Fix responses list update issue after response name change (#1490555) - Fix bug where message preview was unintentionally reset on check-recent action (#1490563) - Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539) - Fix redundant blank lines when using HTML and top posting (#1490576) - Fix redundant blank lines on start of text after html to text conversion (#1490577) - Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) - Fix invalid LDAP query in ACL user autocompletion (#1490591) - Fix regression in displaying contents of message/rfc822 parts (#1490606) - Fix handling of message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) **Packaging changes:** * add .log suffix to all log file names, and rotate them all (may requires to switch back to provided logrotate configuration) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1269164 - Logrotate configuration /etc/logrotate.d/roundcubemail is incomplete and should not contain "create" https://bugzilla.redhat.com/show_bug.cgi?id=1269164 [ 2 ] Bug #1269155 - Insecure permissions of /var/lib/roundcubemail and /var/log/roundcubemail https://bugzilla.redhat.com/show_bug.cgi?id=1269155 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update roundcubemail' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|