
Security: Arbitrary command execution in roundcubemail
Name: Arbitrary command execution in roundcubemail
ID: FEDORA-2020-57f2df7424
Distribution: Fedora
Platforms: Fedora 30
Date: Sat, 9 May 2020, 09:23
References: None given
Applications: RoundCube Webmail

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-57f2df7424
2020-05-09 03:43:03.361473
--------------------------------------------------------------------------------

Name : roundcubemail
Product : Fedora 30
Version : 1.4.4
Release : 1.fc30
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

**Version 1.4.4**

This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well as a number of general improvements from our issue tracker.

- Fix bug where attachments with Content-Id were attached to the message on reply (#7122)
- Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211)
- Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230)
- Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231)
- Elastic: Fix color of a folder with recent messages (#7281)
- Elastic: Restrict logo size in print view (#7275)
- Fix invalid Content-Type for messages with only html part and inline images - Mail_Mime-1.10.7 (#7261)
- Fix missing contact display name in QR Code data (#7257)
- Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246)
- Fix regression in testing database schema on MSSQL (#7227)
- Fix cursor position after inserting a group to a recipient input using autocompletion (#7267)
- Fix string literals handling in IMAP STATUS (and various other) responses (#7290)
- Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293)
- Fix handling keyservers configured with protocol prefix (#7295)
- Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189)
- Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206)
- Fix so imap error message is displayed to the user on folder create/update (#7245)
- Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147)
- Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312)
- Fix characters encoding in group rename input after group creation/rename (#7330)
- Fix bug where some message/rfc822 parts could not be attached on forward (#7323)
- Make install-jsdeps.sh script working without the 'file' program installed (#7325)
- Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331)
- Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
- **Security**: Fix XSS issue in handling of CDATA in HTML messages
- **Security**: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings
- **Security**: Fix local file inclusion (and code execution) via crafted 'plugins' option
- **Security**: Fix CSRF bypass that could be used to log out an authenticated user (#7302)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2020 Remi Collet <remi@remirepo.net> - 1.4.4-1
- update to 1.4.4
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-57f2df7424' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------