- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LFE
——————————————————————————–
Fedora Update Notification
FEDORA-2016-b4896f20b3
2016-12-13 17:09:03.159312
——————————————————————————–
Name : roundcubemail
Product : Fedora 23
Version : 1.2.3
Release : 1.fc23
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
——————————————————————————–
Update Information:
**Version 1.2.3** – Searching in both contacts and groups when LDAP addressbook
with group_filters option is used – Fix vulnerability in handling of mail()’s
5th argument – Fix To: header encoding in mail sent with mail() method (#5475) –
Fix flickering of header topline in min-mode (#5426) – Fix bug where folders
list would scroll to top when clicking on subscription checkbox (#5447) – Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) – Fix regression
where creation of default folders wasn’t functioning without prefix (#5460) –
Enigma: Fix bug where last records on keys list were hidden (#5461) – Enigma:
Fix key search with keyword containing non-ascii characters (#5459) – Fix bug
where deleting folders with subfolders could fail in some cases (#5466) – Fix
bug where IMAP password could be exposed via error message (#5472) – Fix bug
where it wasn’t possible to store more that 2MB objects in memcache/apc, Added
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) – Fix
“Illegal string offset” warning in rcube::log_bug() on PHP 7.1 (#5508) – Fix
storing “empty” values in rcube_cache/rcube_cache_shared (#5519) – Fix missing
content check when image resize fails on attachment thumbnail generation (#5485)
– Fix displaying attached images with wrong Content-Type specified (#5527)
——————————————————————————–
References:
[ 1 ] Bug #1403177 – CVE-2016-9920 roundcubemail: Code execution via mail()
https://bugzilla.redhat.com/show_bug.cgi?id=1403177
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade roundcubemail’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2016-60753c3dcd
2016-12-13 17:09:42.435441
——————————————————————————–
Name : roundcubemail
Product : Fedora 24
Version : 1.2.3
Release : 1.fc24
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
——————————————————————————–
Update Information:
**Version 1.2.3** – Searching in both contacts and groups when LDAP addressbook
with group_filters option is used – Fix vulnerability in handling of mail()’s
5th argument – Fix To: header encoding in mail sent with mail() method (#5475) –
Fix flickering of header topline in min-mode (#5426) – Fix bug where folders
list would scroll to top when clicking on subscription checkbox (#5447) – Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) – Fix regression
where creation of default folders wasn’t functioning without prefix (#5460) –
Enigma: Fix bug where last records on keys list were hidden (#5461) – Enigma:
Fix key search with keyword containing non-ascii characters (#5459) – Fix bug
where deleting folders with subfolders could fail in some cases (#5466) – Fix
bug where IMAP password could be exposed via error message (#5472) – Fix bug
where it wasn’t possible to store more that 2MB objects in memcache/apc, Added
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) – Fix
“Illegal string offset” warning in rcube::log_bug() on PHP 7.1 (#5508) – Fix
storing “empty” values in rcube_cache/rcube_cache_shared (#5519) – Fix missing
content check when image resize fails on attachment thumbnail generation (#5485)
– Fix displaying attached images with wrong Content-Type specified (#5527)
——————————————————————————–
References:
[ 1 ] Bug #1403177 – CVE-2016-9920 roundcubemail: Code execution via mail()
https://bugzilla.redhat.com/show_bug.cgi?id=1403177
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade roundcubemail’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2016-d361d188d9
2016-12-10 20:56:57.152655
——————————————————————————–
Name : roundcubemail
Product : Fedora 25
Version : 1.2.3
Release : 1.fc25
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
——————————————————————————–
Update Information:
**Version 1.2.3** – Searching in both contacts and groups when LDAP addressbook
with group_filters option is used – Fix vulnerability in handling of mail()’s
5th argument – Fix To: header encoding in mail sent with mail() method (#5475) –
Fix flickering of header topline in min-mode (#5426) – Fix bug where folders
list would scroll to top when clicking on subscription checkbox (#5447) – Fix
decoding of GB2312/GBK text when iconv is not installed (#5448) – Fix regression
where creation of default folders wasn’t functioning without prefix (#5460) –
Enigma: Fix bug where last records on keys list were hidden (#5461) – Enigma:
Fix key search with keyword containing non-ascii characters (#5459) – Fix bug
where deleting folders with subfolders could fail in some cases (#5466) – Fix
bug where IMAP password could be exposed via error message (#5472) – Fix bug
where it wasn’t possible to store more that 2MB objects in memcache/apc, Added
memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) – Fix
“Illegal string offset” warning in rcube::log_bug() on PHP 7.1 (#5508) – Fix
storing “empty” values in rcube_cache/rcube_cache_shared (#5519) – Fix missing
content check when image resize fails on attachment thumbnail generation (#5485)
– Fix displaying attached images with wrong Content-Type specified (#5527)
——————————————————————————–
References:
[ 1 ] Bug #1403177 – CVE-2016-9920 roundcubemail: Code execution via mail()
https://bugzilla.redhat.com/show_bug.cgi?id=1403177
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade roundcubemail’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2016-12-0097-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
