-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2015-0630 2015-02-05 17:37:44 --------------------------------------------------------------------------------

Name : roundcubemail Product : Fedora EPEL 6 Version : 1.0.5 Release : 1.el6 URL : http://www.roundcube.net Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2.

-------------------------------------------------------------------------------- Update Information:

Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version.

http://roundcube.net/news/2015/01/24/security-update-1.0.5/ http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5 http://trac.roundcube.net/ticket/1490227

CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1188203 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1188203 [ 2 ] Bug #1188202 - CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1188202 --------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update roundcubemail' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------