[SECURITY] Fedora 22 Update: roundcubemail-1.1.2-1.fc22

updates at fedoraproject.org updates at fedoraproject.org
Wed Jul 29 01:46:24 UTC 2015

Fedora Update Notification
2015-07-13 16:44:19

Name        : roundcubemail
Product     : Fedora 22
Version     : 1.1.2
Release     : 1.fc22
URL         : http://www.roundcube.net
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

Update Information:

**Release 1.1.2**
* Add new plugin hook 'identity_create_after' providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn't always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without --user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417) 

* Wed Jul  8 2015 Remi Collet <remi at fedoraproject.org> - 1.1.2-1
- update to 1.1.2 for CVE-2015-5381 CVE-2015-5382 CVE-2015-5383
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

  [ 1 ] Bug #1241056 - CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6

This update can be installed with the "yum" update program.  Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list