Mailinglist Archive: opensuse-updates (118 mails)

< Previous Next >
openSUSE-SU-2016:2577-1: moderate: Security update for roundcubemail
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2577-1
Rating: moderate
References: #1001856
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:


This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856).

These security issues were fixed:
- Fix XSS issue in href attribute on area tag
- Wash position:fixed style in HTML mail for better security

These non-security issues were fixed:
- Searching in both contacts and groups when LDAP addressbook with
group_filters option is used
- Use contact_search_name format in popup on results in compose contacts
search
- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
- Fix handling of blockquote tags with mixed case on html2text conversion
- Fix message list multi-select/deselect issue
- Fix bug where contact search menu fields where always unchecked in Larry
skin
- Fix bug where message list columns could be in wrong order after column
drag-n-drop and list sorting
- Don't create multipart/alternative messages with empty text/plain part
- Fix error causing empty INBOX listing in Firefox when using an URL with
user:password specified


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-1205=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (noarch):

roundcubemail-1.1.6-12.1


References:

https://bugzilla.suse.com/1001856


< Previous Next >
This Thread
  • No further messages