Sicherheit: Mehrere Probleme in roundcubemail
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in roundcubemail
ID: FEDORA-2020-2a1a6a8432
Distribution: Fedora
Plattformen: Fedora 31
Datum: Fr, 19. Juni 2020, 06:23
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
Applikationen: RoundCube Webmail


Fedora Update Notification
2020-06-19 01:04:58.922107

Name : roundcubemail
Product : Fedora 31
Version : 1.4.6
Release : 1.fc31
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

Update Information:

**RELEASE 1.4.6** - Installer: Fix regression in SMTP test section (#7417)
---- **RELEASE 1.4.5** - Fix bug in extracting required plugins from
composer.json that led to spurious error in log (#7364) - Fix so the database
setup description is compatible with MySQL 8 (#7340) - Markasjunk: Fix
regression in jsevent driver (#7361) - Fix missing flag indication on collapsed
thread in Larry and Elastic (#7366) - Fix default keyservers (use
keys.openpgp.org), add note about CORS (#7373, #7367) - Password: Fix issue
Modoboa driver (#7372) - Mailvelope: Use sender's address to find pubkeys
check signatures (#7348) - Mailvelope: Fix Encrypt button hidden in Elastic
(#7353) - Fix PHP warning: count(): Parameter must be an array or an object...
in ID command handler (#7392) - Fix error when user-configured skin does not
exist anymore (#7271) - Elastic: Fix aspect ratio of a contact photo in mail
preview (#7339) - Fix bug where PDF attachments marked as inline could have not
been attached on mail forward (#7382) - **Security**: Fix a couple of XSS
in Installer (#7406) - **Security**: Fix XSS issue in template object
(#7406) - **Security**: Better fix for CVE-2020-12641 - **Security**: Fix
site scripting (XSS) via malicious XML attachment

* Mon Jun 8 2020 Remi Collet <remi@remirepo.net> - 1.4.6-1
- update to 1.4.6
* Tue Jun 2 2020 Remi Collet <remi@remirepo.net> - 1.4.5-1
- update to 1.4.5
- fix logrotate configuration file permissions

[ 1 ] Bug #1848338 - CVE-2020-13965 roundcubemail: XSS via a malicious XML
[ 2 ] Bug #1848341 - CVE-2020-13964 roundcubemail: XSS via the username
template object

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-2a1a6a8432' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten