Mailinglist Archive: opensuse-updates (102 mails)

< Previous Next >
openSUSE-SU-2014:0365-1: moderate: roundcubemail: update to 0.9.5
openSUSE Security Update: roundcubemail: update to 0.9.5
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0365-1
Rating: moderate
References: #847179
Cross-References: CVE-2013-6172
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


roundcubemail was updated to 0.9.5 to fix bugs and security
issues.

Fixed security issues:
* CVE-2013-6172: vulnerability in handling _session
argument of utils/save-prefs

New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)
* Fix failing vCard import when email address field
contains spaces
* Fix default spell-check configuration after Google
suspended their spell service
* Fix vulnerability in handling _session argument of
utils/save-prefs
* Fix iframe onload for upload errors handling
* Fix address matching in Return-Path header on identity
selection
* Fix text wrapping issue with long unwrappable lines
* Fixed mispelling: occured -> occurred
* Fixed issues where HTML comments inside style tag would
hang Internet Explorer
* Fix setting domain in virtualmin password driver
* Hide Delivery Status Notification option when
smtp_server is unset
* Display full attachment name using title attribute when
name is too long to display
* Fix attachment icon issue when rare font/language is
used
* Fix expanded thread root message styling after
refreshing messages list
* Fix issue where From address was removed from Cc and
Bcc fields when editing a draft
* Fix error_reporting directive check
* Fix de_DE localization of "About" label in Help plugin


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-210

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-210

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (noarch):

php5-pear-Net_IDNA2-0.1.1-2.1
roundcubemail-0.9.5-2.5.1

- openSUSE 12.3 (noarch):

php5-pear-Net_IDNA2-0.1.1-2.1
roundcubemail-0.9.5-1.13.1


References:

http://support.novell.com/security/cve/CVE-2013-6172.html
https://bugzilla.novell.com/847179


< Previous Next >
This Thread
  • No further messages