
Security vulnerability in the roundcubemail software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-431d39fbff
2016-01-07 23:40:26.814234
——————————————————————————–

Name : roundcubemail
Product : Fedora 22
Version : 1.1.4
Release : 2.fc22
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Release 1.1.4**

* Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
* Fix duplicate messages in list and wrong count after delete (#1490572)
* Fix so Installer requires PHP5
* Make brute force attacks harder by re-generating security token on every failed login (#1490549)
* Slow down brute-force attacks by waiting for a second after failed login (#1490549)
* Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
* Fix mail view scaling on iOS (#1490551)
* Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
* Fix responses list update issue after response name change (#1490555)
* Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
* Fix bug where HTML messages with invalid/excessive css styles couldn’t be displayed (#1490539)
* Fix redundant blank lines when using HTML and top posting (#1490576)
* Fix redundant blank lines on start of text after html to text conversion (#1490577)
* Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
* Fix invalid LDAP query in ACL user autocompletion (#1490591)
* Fix regression in displaying contents of message/rfc822 parts (#1490606)
* Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
* Fix PDF support detection in Firefox > 19 (#1490610)
* Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
* Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)

**Packaging changes:**

* add .log suffix to all log file names, and rotate them all (may require switching back to the provided logrotate configuration)
——————————————————————————–
References:

[ 1 ] Bug #1269164 – Logrotate configuration /etc/logrotate.d/roundcubemail is incomplete and should not contain “create”
https://bugzilla.redhat.com/show_bug.cgi?id=1269164
[ 2 ] Bug #1269155 – Insecure permissions of /var/lib/roundcubemail and /var/log/roundcubemail
https://bugzilla.redhat.com/show_bug.cgi?id=1269155
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-6e299214b8
2016-01-07 16:45:29.329838
——————————————————————————–

Name : roundcubemail
Product : Fedora 23
Version : 1.1.4
Release : 2.fc23
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.

——————————————————————————–
Update Information:

**Release 1.1.4**

* Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
* Fix duplicate messages in list and wrong count after delete (#1490572)
* Fix so Installer requires PHP5
* Make brute force attacks harder by re-generating security token on every failed login (#1490549)
* Slow down brute-force attacks by waiting for a second after failed login (#1490549)
* Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
* Fix mail view scaling on iOS (#1490551)
* Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
* Fix responses list update issue after response name change (#1490555)
* Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
* Fix bug where HTML messages with invalid/excessive css styles couldn’t be displayed (#1490539)
* Fix redundant blank lines when using HTML and top posting (#1490576)
* Fix redundant blank lines on start of text after html to text conversion (#1490577)
* Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
* Fix invalid LDAP query in ACL user autocompletion (#1490591)
* Fix regression in displaying contents of message/rfc822 parts (#1490606)
* Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
* Fix PDF support detection in Firefox > 19 (#1490610)
* Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
* Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)

**Packaging changes:**

* add .log suffix to all log file names, and rotate them all (may require switching back to the provided logrotate configuration)
——————————————————————————–
References:

[ 1 ] Bug #1269164 – Logrotate configuration /etc/logrotate.d/roundcubemail is incomplete and should not contain “create”
https://bugzilla.redhat.com/show_bug.cgi?id=1269164
[ 2 ] Bug #1269155 – Insecure permissions of /var/lib/roundcubemail and /var/log/roundcubemail
https://bugzilla.redhat.com/show_bug.cgi?id=1269155
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
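
A post-update check for the two packaging bugs listed under References (directory permissions and the logrotate “create” directive), as an added example that is not part of the Fedora notices. It assumes GNU stat and reads “insecure” as any permission bit granted to other users, which the notices do not define; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit for the packaging issues in
# references [1] and [2]. Assumes GNU stat; "insecure" is read here as any
# permission bit granted to "other", which the advisory does not define.

# True (0) if "other" has any r/w/x bit on the directory.
world_accessible() {
    mode=$(stat -c '%a' "$1") || return 2
    [ "${mode#"${mode%?}"}" != 0 ]      # last octal digit is the "other" class
}

# True (0) if the logrotate file has an active "create" directive.
# "nocreate" and commented-out lines do not match.
logrotate_has_create() {
    grep -Eq '^[[:space:]]*create([[:space:]]|$)' "$1"
}

# audit_roundcube CONF DIR... : prints findings, returns how many were found.
audit_roundcube() {
    conf=$1; shift
    findings=0
    for d in "$@"; do
        [ -d "$d" ] || { echo "SKIP: $d not present"; continue; }
        if world_accessible "$d"; then
            echo "FINDING: $d is accessible to other users (mode $mode)"
            findings=$((findings + 1))
        fi
    done
    if [ -f "$conf" ] && logrotate_has_create "$conf"; then
        echo "FINDING: $conf contains a 'create' directive"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample standing in for a pre-update host; on a real system pass
# /etc/logrotate.d/roundcubemail /var/lib/roundcubemail /var/log/roundcubemail.
demo() {
    t=$(mktemp -d)
    mkdir "$t/lib" "$t/log"
    chmod 755 "$t/lib"; chmod 750 "$t/log"
    printf '%s\n' "$t/log/*.log {" '    weekly' '    create 0640 apache apache' '}' > "$t/conf"
    rc=0; audit_roundcube "$t/conf" "$t/lib" "$t/log" || rc=$?
    rm -rf "$t"
    return "$rc"
}
demo || echo "findings: $?"
```
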

Author: Marko Stanec
Cert ID: NCERT-REF-2016-01-0017-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/