Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Fedora 29 Roundcube: 1.3.8 Security Advisory for XSS Issue

fedora
Calendar Grey November 9, 2018
Dist Fedora Esm H88
This release for Roundcube addresses several issues, notably a significant XSS security vulnerability, and enhances compatibility with both PHP and MySQL.
**Version 1.3.8** This is a service release to update the stable version 1.3 of Roundcube Webmail

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

**Version 1.3.8** This is a service release to update the stable version 1.3 of

Roundcube Webmail. It contains fixes to several bugs backported from the master

branch including a security fix for a reported XSS vulnerability plus updates to

ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot

and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP

warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) - Fix so

fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3

(#6383) - Enigma: Fix deleting keys with authentication subkeys (#6381) - Fix

invalid regular expressions that throw warnings on PHP 7.3 (#6398) - Fix so

Classic skin splitter does not escape out of window (#6397) - Fix XSS issue in

handling invalid style tag content (#6410) - Fix compatibility with MySQL 8 -error on 'system' table use - Managesieve: Fix bug where show_real_foldernames

setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars

substitution in user specific LDAP params (#6419) - Fix support for "allow-from

" in "x_frame_options" config option (#6449) - Fix bug where valid content

between HTML comments could have been skipped in some cases (#6464) - Fix

multiple VCard field search (#6466) - Fix session issue on long running requests

(#6470)

* Fri Oct 26 2018 Remi Collet - 1.3.8-1

- update to 1.3.8

su -c 'dnf upgrade --advisory FEDORA-2018-24d1e5a2c3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora software update xss mail client roundcube php compatibility

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 1.3.8
Release: 1.fc29
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory fedora software update xss mail client roundcube php compatibility

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here