Sicherheit: Fehlerhafte Zugriffsrechte in RoundCube Webmail - Pro-Linux

Name        : roundcubemail
Product     : Fedora 22
Version     : 1.1.4
Release     : 2.fc22
URL         : http://www.roundcube.net
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

-------------------------------------------------------------------------------
-
Update Information:

**Release 1.1.4**  - Add workaround for https://bugs.php.net/bug.php?id=70757
(#1490582) - Fix duplicate messages in list and wrong count after delete
(#1490572) - Fix so Installer requires PHP5 - Make brute force attacks harder
 by
re-generating security token on every failed login (#1490549) - Slow down
 brute-
force attacks by waiting for a second after failed login (#1490549) - Fix
.htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail
 view
scaling on iOS (#1490551) - Fix so database_attachments::cleanup() does not
remove attachments from other sessions (#1490542) - Fix responses list update
issue after response name change (#1490555) - Fix bug where message preview was
unintentionally reset on check-recent action (#1490563) - Fix bug where HTML
messages with invalid/excessive css styles couldn't be displayed (#1490539)
 -
Fix redundant blank lines when using HTML and top posting (#1490576) - Fix
redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) -
 Fix
invalid LDAP query in ACL user autocompletion (#1490591) - Fix regression in
displaying contents of message/rfc822 parts (#1490606) - Fix handling of
message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support
detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability
 (CWE-22)
in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient
addresses) on compose page actually works (#1490619)  **Packaging changes:**  *
add .log suffix to all log file names, and rotate them all (may requires to
switch back to provided logrotate configuration)
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1269164 - Logrotate configuration /etc/logrotate.d/roundcubemail
 is incomplete and should not contain "create"
        https://bugzilla.redhat.com/show_bug.cgi?id=1269164
  [ 2 ] Bug #1269155 - Insecure permissions of /var/lib/roundcubemail and
 /var/log/roundcubemail
        https://bugzilla.redhat.com/show_bug.cgi?id=1269155
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce