You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa roundcubemail

Sigurnosni nedostatak programskog paketa roundcubemail

——————————————————————————–
Fedora Update Notification
FEDORA-2019-d9c2f1ec70
2019-09-08 03:08:52.300464
——————————————————————————–

Name : roundcubemail
Product : Fedora 29
Version : 1.3.10
Release : 1.fc29
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Version 1.3.10** – Managesieve: Fix so “Create filter” option does not show
up when Filters menu is disabled (#6723) – Enigma: Fix bug where revoked
users/keys were not greyed out in key info – Enigma: Fix error message when
trying to encrypt with a revoked key (#6607) – Enigma: Fix “decryption oracle”
bug [CVE-2019-10740] (#6638) – Fix compatibility with kolab/net_ldap3 > 1.0.7
(#6785) – Fix bug where bmp images couldn’t be displayed on some systems (#6728)
– Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) –
Fix bug where bold/strong text was converted to upper-case on html-to-text
conversion (6758) – Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could
return only tld (#6746) – Fix bug where Next/Prev button in mail view didn’t
work with multi-folder search result (#6793) – Fix bug where selection of
columns on messages list wasn’t working – Fix bug in converting multi-page Tiff
images to Jpeg (#6824) – Fix wrong messages order after returning to a multi-
folder search result (#6836) – Fix PHP 7.4 deprecation: implode() wrong
parameter order (#6866) – Fix bug where it was possible to bypass the
position:fixed CSS check in received messages (#6898) – Fix bug where some
strict remote URIs in url() style were unintentionally blocked (#6899) – Fix bug
where it was possible to bypass the CSS jail in HTML messages using :root
pseudo-class (#6897) – Fix bug where it was possible to bypass href URI check
with data:application/xhtml+xml URIs (#6896)
——————————————————————————–
ChangeLog:

* Thu Aug 29 2019 Remi Collet <remi@remirepo.net> – 1.3.10-1
– update to 1.3.10
– use range dependencies
* Sun Mar 31 2019 Remi Collet <remi@remirepo.net> – 1.3.9-1
– update to 1.3.9
* Fri Oct 26 2018 Remi Collet <remi@remirepo.net> – 1.3.8-1
– update to 1.3.8
——————————————————————————–
References:

[ 1 ] Bug #1747321 – CVE-2019-15237 roundcube: mishandling of Punycode xn-- domain name leads to homograph attack
https://bugzilla.redhat.com/show_bug.cgi?id=1747321
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-d9c2f1ec70’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa nsd

Otkriven je sigurnosni nedostatak u programskom paketu NSD za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close