You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa roundcubemail

Sigurnosni nedostatak programskog paketa roundcubemail

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2019-09-08 03:08:52.300464

Name : roundcubemail
Product : Fedora 29
Version : 1.3.10
Release : 1.fc29
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

Update Information:

**Version 1.3.10** – Managesieve: Fix so “Create filter” option does not show
up when Filters menu is disabled (#6723) – Enigma: Fix bug where revoked
users/keys were not greyed out in key info – Enigma: Fix error message when
trying to encrypt with a revoked key (#6607) – Enigma: Fix “decryption oracle”
bug [CVE-2019-10740] (#6638) – Fix compatibility with kolab/net_ldap3 > 1.0.7
(#6785) – Fix bug where bmp images couldn’t be displayed on some systems (#6728)
– Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) –
Fix bug where bold/strong text was converted to upper-case on html-to-text
conversion (6758) – Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could
return only tld (#6746) – Fix bug where Next/Prev button in mail view didn’t
work with multi-folder search result (#6793) – Fix bug where selection of
columns on messages list wasn’t working – Fix bug in converting multi-page Tiff
images to Jpeg (#6824) – Fix wrong messages order after returning to a multi-
folder search result (#6836) – Fix PHP 7.4 deprecation: implode() wrong
parameter order (#6866) – Fix bug where it was possible to bypass the
position:fixed CSS check in received messages (#6898) – Fix bug where some
strict remote URIs in url() style were unintentionally blocked (#6899) – Fix bug
where it was possible to bypass the CSS jail in HTML messages using :root
pseudo-class (#6897) – Fix bug where it was possible to bypass href URI check
with data:application/xhtml+xml URIs (#6896)

* Thu Aug 29 2019 Remi Collet <> – 1.3.10-1
– update to 1.3.10
– use range dependencies
* Sun Mar 31 2019 Remi Collet <> – 1.3.9-1
– update to 1.3.9
* Fri Oct 26 2018 Remi Collet <> – 1.3.8-1
– update to 1.3.8

[ 1 ] Bug #1747321 – CVE-2019-15237 roundcube: mishandling of Punycode xn-- domain name leads to homograph attack

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-d9c2f1ec70’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-09-0001-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa nsd

Otkriven je sigurnosni nedostatak u programskom paketu NSD za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...