openSUSE Security Update: Security update for roundcubemail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2577-1 Rating: moderate References: #1001856 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856). These security issues were fixed: - Fix XSS issue in href attribute on area tag - Wash position:fixed style in HTML mail for better security These non-security issues were fixed: - Searching in both contacts and groups when LDAP addressbook with group_filters option is used - Use contact_search_name format in popup on results in compose contacts search - Fix missing localization of HTML editor when assets_dir != INSTALL_PATH - Fix handling of blockquote tags with mixed case on html2text conversion - Fix message list multi-select/deselect issue - Fix bug where contact search menu fields where always unchecked in Larry skin - Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting - Don't create multipart/alternative messages with empty text/plain part - Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1205=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (noarch): roundcubemail-1.1.6-12.1 References: https://bugzilla.suse.com/1001856