[SECURITY] Fedora 22 Update: roundcubemail-1.1.4-2.fc22
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jan 8 03:33:18 UTC 2016
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-431d39fbff
2016-01-07 23:40:26.814234
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora 22
Version : 1.1.4
Release : 2.fc22
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
--------------------------------------------------------------------------------
Update Information:
**Release 1.1.4** - Add workaround for https://bugs.php.net/bug.php?id=70757
(#1490582) - Fix duplicate messages in list and wrong count after delete
(#1490572) - Fix so Installer requires PHP5 - Make brute force attacks harder by
re-generating security token on every failed login (#1490549) - Slow down brute-
force attacks by waiting for a second after failed login (#1490549) - Fix
.htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail view
scaling on iOS (#1490551) - Fix so database_attachments::cleanup() does not
remove attachments from other sessions (#1490542) - Fix responses list update
issue after response name change (#1490555) - Fix bug where message preview was
unintentionally reset on check-recent action (#1490563) - Fix bug where HTML
messages with invalid/excessive css styles couldn't be displayed (#1490539) -
Fix redundant blank lines when using HTML and top posting (#1490576) - Fix
redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) - Fix
invalid LDAP query in ACL user autocompletion (#1490591) - Fix regression in
displaying contents of message/rfc822 parts (#1490606) - Fix handling of
message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support
detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability (CWE-22)
in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient
addresses) on compose page actually works (#1490619) **Packaging changes:** *
add .log suffix to all log file names, and rotate them all (may requires to
switch back to provided logrotate configuration)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269164 - Logrotate configuration /etc/logrotate.d/roundcubemail is incomplete and should not contain "create"
https://bugzilla.redhat.com/show_bug.cgi?id=1269164
[ 2 ] Bug #1269155 - Insecure permissions of /var/lib/roundcubemail and /var/log/roundcubemail
https://bugzilla.redhat.com/show_bug.cgi?id=1269155
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list