[SECURITY] Fedora EPEL 6 Update: roundcubemail-1.0.2-1.el6

updates at fedoraproject.org updates at fedoraproject.org
Mon Sep 29 16:27:01 UTC 2014 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-2650
2014-09-12 18:15:56
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora EPEL 6
Version     : 1.0.2
Release     : 1.el6
URL         : http://www.roundcube.net
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

--------------------------------------------------------------------------------
Update Information:

Update to epel7 parity for feature and security enhancements.
php-pear-Auth-SASL-1.0.6-1.el6 to support roundcubemail update.

It's not a completely unattended install.  It used to work fine without a config.inc.pnp file, but now it requires one.
With version 1.0 of Roundcube, the structure of the config files changed. The previously used main.inc.php and db.inc.php files are now replaced with one single config.inc.php file which only contains the config options that differ from the defaults. This shall make future updates even simpler. Both, the command line update script as well as the installer will take care of the migration. Just note that from now on, the (one and only) config file for Roundcube is config.inc.php. Running /usr/share/roundcubemail/bin/update.sh seems to work.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1091445 - CVE-2012-4230 roundcubemail: tinymce: XSS attacks via security policy bypass [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1091445
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the epel-package-announce mailing list