
Security vulnerabilities in the roundcubemail software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-11469
2015-07-13 16:47:08
——————————————————————————–

Name : roundcubemail
Product : Fedora 21
Version : 1.1.2
Release : 1.fc21
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Release 1.1.2**
* Add new plugin hook ‘identity_create_after’ providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn’t always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have “executable” extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without --user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417)
——————————————————————————–
ChangeLog:

* Wed Jul 8 2015 Remi Collet <remi@fedoraproject.org> – 1.1.2-1
– update to 1.1.2 for CVE-2015-5381 CVE-2015-5382 CVE-2015-5383
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.1.1-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Mar 25 2015 Robert Scheck <robert@fedoraproject.org> – 1.1.1-2
– switch run-time requirement from php-mcrypt to php-openssl
* Fri Mar 20 2015 Remi Collet <remi@fedoraproject.org> – 1.1.1-1
– update to 1.1.1
* Wed Mar 4 2015 Remi Collet <remi@fedoraproject.org> – 1.1.0-2
– add optional dependencies for LDAP management on
Net_LDAP2 and Net_LDAP3
* Mon Feb 16 2015 Remi Collet <remi@fedoraproject.org> – 1.1.0-1
– update to 1.1.0
– provide Nginx configuration (Fedora >= 21)
– use %license
* Thu Feb 5 2015 Jon Ciesla <limburgher@gmail.com> – 1.0.5-1
– Fix for security issues.
* Sat Dec 20 2014 Adam Williamson <awilliam@redhat.com> – 1.0.4-2
– drop tinymce bbcode plugin for safety (CVE-2012-4230)
* Sat Dec 20 2014 Adam Williamson <awilliam@redhat.com> – 1.0.4-1
– new release 1.0.4 (security update)
——————————————————————————–
References:

[ 1 ] Bug #1241056 – CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6
https://bugzilla.redhat.com/show_bug.cgi?id=1241056
——————————————————————————–

This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-11405
2015-07-13 16:44:19
——————————————————————————–

Name : roundcubemail
Product : Fedora 22
Version : 1.1.2
Release : 1.fc22
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Release 1.1.2**
* Add new plugin hook ‘identity_create_after’ providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn’t always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have “executable” extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without --user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417)
——————————————————————————–
ChangeLog:

* Wed Jul 8 2015 Remi Collet <remi@fedoraproject.org> – 1.1.2-1
– update to 1.1.2 for CVE-2015-5381 CVE-2015-5382 CVE-2015-5383
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.1.1-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1241056 – CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6
https://bugzilla.redhat.com/show_bug.cgi?id=1241056
——————————————————————————–

This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Marko Stanec
Cert ID: NCERT-REF-2015-07-0014-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/