Mailinglist Archive: opensuse-updates (102 mails)

< Previous Next >
openSUSE-SU-2014:0365-1: moderate: roundcubemail: update to 0.9.5
openSUSE Security Update: roundcubemail: update to 0.9.5

Announcement ID: openSUSE-SU-2014:0365-1
Rating: moderate
References: #847179
Cross-References: CVE-2013-6172
Affected Products:
openSUSE 13.1
openSUSE 12.3

An update that fixes one vulnerability is now available.


roundcubemail was updated to 0.9.5 to fix bugs and security

Fixed security issues:
* CVE-2013-6172: vulnerability in handling _session
argument of utils/save-prefs

New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)
* Fix failing vCard import when email address field
contains spaces
* Fix default spell-check configuration after Google
suspended their spell service
* Fix vulnerability in handling _session argument of
* Fix iframe onload for upload errors handling
* Fix address matching in Return-Path header on identity
* Fix text wrapping issue with long unwrappable lines
* Fixed mispelling: occured -> occurred
* Fixed issues where HTML comments inside style tag would
hang Internet Explorer
* Fix setting domain in virtualmin password driver
* Hide Delivery Status Notification option when
smtp_server is unset
* Display full attachment name using title attribute when
name is too long to display
* Fix attachment icon issue when rare font/language is
* Fix expanded thread root message styling after
refreshing messages list
* Fix issue where From address was removed from Cc and
Bcc fields when editing a draft
* Fix error_reporting directive check
* Fix de_DE localization of "About" label in Help plugin

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-210

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-210

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (noarch):


- openSUSE 12.3 (noarch):



< Previous Next >
This Thread
  • No further messages