You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa roundcubemail

Sigurnosni nedostatak programskog paketa roundcubemail

——————————————————————————–
Fedora Update Notification
FEDORA-2018-d527206a77
2018-11-04 02:13:03.943457
——————————————————————————–

Name : roundcubemail
Product : Fedora 27
Version : 1.3.8
Release : 1.fc27
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Version 1.3.8** This is a service release to update the stable version 1.3 of
Roundcube Webmail. It contains fixes to several bugs backported from the master
branch including a security fix for a reported XSS vulnerability plus updates to
ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot
and MySQL 8. See the complete changelog below. **Changelog** – Fix PHP
warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) – Fix so
fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3
(#6383) – Enigma: Fix deleting keys with authentication subkeys (#6381) – Fix
invalid regular expressions that throw warnings on PHP 7.3 (#6398) – Fix so
Classic skin splitter does not escape out of window (#6397) – Fix XSS issue in
handling invalid style tag content (#6410) – Fix compatibility with MySQL 8 –
error on ‘system’ table use – Managesieve: Fix bug where show_real_foldernames
setting wasn’t respected (#6422) – New_user_identity: Fix %fu/%u vars
substitution in user specific LDAP params (#6419) – Fix support for “allow-from
<uri>” in “x_frame_options” config option (#6449) – Fix bug where valid content
between HTML comments could have been skipped in some cases (#6464) – Fix
multiple VCard field search (#6466) – Fix session issue on long running requests
(#6470)
——————————————————————————–
ChangeLog:

* Fri Oct 26 2018 Remi Collet <remi@remirepo.net> – 1.3.8-1
– update to 1.3.8
* Wed Aug 1 2018 Kevin Fenzi <kevin@scrye.com> – 1.3.7-1
– Update to 1.3.7. Fixes bug #1609445
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> – 1.3.6-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Apr 12 2018 Remi Collet <remi@remirepo.net> – 1.3.6-1
– Update to 1.3.6
* Fri Mar 16 2018 Remi Collet <remi@remirepo.net> – 1.3.5-1
– Update to 1.3.5
* Mon Jan 15 2018 Remi Collet <remi@remirepo.net> – 1.3.4-1
– Update to 1.3.4
– fix missing .log suffix #1520132
* Thu Nov 9 2017 Remi Collet <remi@remirepo.net> – 1.3.3-1
– Update to 1.3.3
* Tue Oct 31 2017 Kevin Fenzi <kevin@scrye.com> – 1.3.2-1
– Update to 1.3.2. Fixes bug #1508242
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-d527206a77’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2018-928e15e1db
2018-11-04 22:07:59.808302
——————————————————————————–

Name : roundcubemail
Product : Fedora 28
Version : 1.3.8
Release : 1.fc28
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Version 1.3.8** This is a service release to update the stable version 1.3 of
Roundcube Webmail. It contains fixes to several bugs backported from the master
branch including a security fix for a reported XSS vulnerability plus updates to
ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot
and MySQL 8. See the complete changelog below. **Changelog** – Fix PHP
warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) – Fix so
fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3
(#6383) – Enigma: Fix deleting keys with authentication subkeys (#6381) – Fix
invalid regular expressions that throw warnings on PHP 7.3 (#6398) – Fix so
Classic skin splitter does not escape out of window (#6397) – Fix XSS issue in
handling invalid style tag content (#6410) – Fix compatibility with MySQL 8 –
error on ‘system’ table use – Managesieve: Fix bug where show_real_foldernames
setting wasn’t respected (#6422) – New_user_identity: Fix %fu/%u vars
substitution in user specific LDAP params (#6419) – Fix support for “allow-from
<uri>” in “x_frame_options” config option (#6449) – Fix bug where valid content
between HTML comments could have been skipped in some cases (#6464) – Fix
multiple VCard field search (#6466) – Fix session issue on long running requests
(#6470)
——————————————————————————–
ChangeLog:

* Fri Oct 26 2018 Remi Collet <remi@remirepo.net> – 1.3.8-1
– update to 1.3.8
* Wed Aug 1 2018 Kevin Fenzi <kevin@scrye.com> – 1.3.7-1
– Update to 1.3.7. Fixes bug #1609445
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> – 1.3.6-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Apr 12 2018 Remi Collet <remi@remirepo.net> – 1.3.6-1
– Update to 1.3.6
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-928e15e1db’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa python-django

Otkriven je sigurnosni nedostatak u programskom paketu python-django za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje preusmjeravanje na proizvoljne...

Close