--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-7327
2015-07-27 21:19:16
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora EPEL 6
Version : 1.0.6
Release : 1.el6
URL :
http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
--------------------------------------------------------------------------------
Update Information:
Roundcube Webmail 1.0.6
=======================
* Make SMTP error log more verbose - include server response and error code
* Fix rows count when messages search fails
* Fix security issue in DBMail driver of password plugin
* Fix handling of some improper constructs in format=flowed text as per the
RFC3676[4.5]
* Fix missing or not up-to-date CATEGORIES entry in vCard export
* Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr()
* Fix handling of %-encoded entities in mailto: URLs
* Fix bug where messages count was not updated after message move/delete with
skip_deleted=false
* Fix security issue in contact photo handling
* Fix bug where database_attachments_cache setting was not working
* Fix attached file path unsetting in database_attachments plugin
* Fix issues when using moduserprefs.sh without --user argument
Downstream Changes
==================
* Remove "su" option from logrotate configuration file (requires logrotate
>= 3.8.0) to avoid daily logrotate errors with RHEL 6.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1241056 - CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail:
vulnerabilities fixed in 1.1.2 and 1.0.6
https://bugzilla.redhat.com/show_bug.cgi?id=1241056
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at
http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------