Mailinglist Archive: opensuse-updates (74 mails)

< Previous Next >
openSUSE-SU-2013:1420-1: moderate: roundcubemail: version update to 0.9.3
openSUSE Security Update: roundcubemail: version update to 0.9.3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1420-1
Rating: moderate
References: #803091 #837436
Cross-References: CVE-2012-6121 CVE-2013-5645
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:


roundcubemail was updated to version 0.9.3 (bnc#837436)
(CVE-2013-5645)
* Optimized UI behavior for touch devices
* Fix setting refresh_interval to "Never" in Preferences
* Fix purge action in folder manager
* Fix base URL resolving on attribute values with no quotes
* Fix wrong handling of links with '|' character
* Fix colorspace issue on image conversion using
ImageMagick?
* Fix XSS vulnerability when saving HTML signatures
* Fix XSS vulnerability when editing a message "as new" or
draft
* Fix rewrite rule in .htaccess
* Fix detecting Turkish language in ISO-8859-9 encoding
* Fix identity-selection using Return-Path headers
* Fix parsing of links with ... in URL
* Fix compose priority selector when opening in new window
* Fix bug where signature wasn't changed on identity
selection when editing a draft
* Fix IMAP SETMETADATA parameters quoting
* Fix "could not load message" error on valid empty message
body
* Fix handling of message/rfc822 attachments on message
forward and edit
* Fix parsing of square bracket characters in IMAP response
strings
* Don't clear References and in-Reply-To when a message is
"edited as new"
* Fix messages list sorting with THREAD=REFS
* Remove deprecated (in PHP 5.5) PREG /e modifier usage
* Fix empty messages list when register_globals is enabled
* Fix so valid and set date.timezone is not required by
installer checks
* Canonize boolean ini_get() results
* Fix so install do not fail when one of DB driver checks
fails but other drivers exist
* Fix so exported vCard specifies encoding in v3-compatible
format
- Update to version 0.9.2
* Fix image thumbnails display in print mode
* Fix height of message headers block
* Fix timeout issue on drag&drop uploads
* Fix default sorting of threaded list when THREAD=REFS
isn't supported
* Fix list mode switch to 'List' after saving list settings
in Larry skin
* Fix error when there's no writeable addressbook source
* Fix zipdownload plugin issue with filenames charset
* Fix so non-inline images aren't skipped on forward
* Fix "null" instead of empty string on messages list in
IE10
* Fix legacy options handling
* Fix so bounces addresses in Sender headers are skipped on
Reply-All
* Fix bug where serialized strings were truncated in
PDO::quote()
* Fix displaying messages with invalid self-closing HTML
tags
* Fix PHP warning when responding to a message with many
Return-Path headers
* Fix unintentional compose window resize
* Fix performance regression in text wrapping function
* Fix connection to posgtres db using unix socket
* Fix handling of comma when adding contact from contacts
widget
* Fix bug where a message was opened in both preview pane
and new window on double-click
* Fix fatal error when xdebug.max_nesting_level was
exceeded in rcube_washtml
* Fix PHP warning in html_table::set_row_attribs() in PHP
5.4
* Fix invalid option selected in default_font selector when
font is unset
* Fix displaying contact with ID divisible by 100 in sql
addressbook
* Fix browser warnings on PDF plugin detection
* Fix fatal error when parsing UUencoded messages

- Update to version 0.9.1
* a lot of bugfixes and smaller improvements
(http://trac.roundcube.net/wiki/Changelog)

- Update to version 0.9.0
* Improved rendering of forwarded and attached messages
* Optionally display and compose email messages a new
windows
* Unified UI for message view and composition
* Show sender photos from contacts in email view
* Render thumbnails for image attachments
* Download all attachments as zip archive (using the
zipdownload plugin)
* Forward multiple emails as attachments
* CSV import for contacts


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-687

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-687

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (noarch):

roundcubemail-0.9.3-1.8.1

- openSUSE 12.2 (noarch):

roundcubemail-0.9.3-3.16.1


References:

http://support.novell.com/security/cve/CVE-2012-6121.html
http://support.novell.com/security/cve/CVE-2013-5645.html
https://bugzilla.novell.com/803091
https://bugzilla.novell.com/837436


< Previous Next >
This Thread
  • No further messages