[Bug 952006] Tracker bug for roundcubemail (13.1)

http://bugzilla.opensuse.org/show_bug.cgi?id=952006 http://bugzilla.opensuse.org/show_bug.cgi?id=952006#c1 Aeneas Jaißle changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de Flags| |needinfo?(security-team@sus | |e.de) --- Comment #1 from Aeneas Jaißle --- https://build.opensuse.org/request/show/340988 This update fixes one security issue and one bug. roundcubemail was updated to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). This update comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. This update also fixes an issue that causes apache2 not to start because "mod_version.c" is not loaded. -- You are receiving this mail because: You are on the CC list for the bug.