Fedora 29: roundcubemail Security Update
Summary
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
**Version 1.3.8** This is a service release to update the stable version 1.3 of
Roundcube Webmail. It contains fixes to several bugs backported from the master
branch including a security fix for a reported XSS vulnerability plus updates to
ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot
and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP
warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) - Fix so
fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3
(#6383) - Enigma: Fix deleting keys with authentication subkeys (#6381) - Fix
invalid regular expressions that throw warnings on PHP 7.3 (#6398) - Fix so
Classic skin splitter does not escape out of window (#6397) - Fix XSS issue in
handling invalid style tag content (#6410) - Fix compatibility with MySQL 8 -error on 'system' table use - Managesieve: Fix bug where show_real_foldernames
setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars
substitution in user specific LDAP params (#6419) - Fix support for "allow-from
between HTML comments could have been skipped in some cases (#6464) - Fix
multiple VCard field search (#6466) - Fix session issue on long running requests
(#6470)
* Fri Oct 26 2018 Remi Collet
- update to 1.3.8
su -c 'dnf upgrade --advisory FEDORA-2018-24d1e5a2c3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
FEDORA-2018-24d1e5a2c3 2018-11-09 06:00:35.355700 Product : Fedora 29 Version : 1.3.8 Release : 1.fc29 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. **Version 1.3.8** This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8. See the complete changelog below. **Changelog** - Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374) - Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383) - Enigma: Fix deleting keys with authentication subkeys (#6381) - Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398) - Fix so Classic skin splitter does not escape out of window (#6397) - Fix XSS issue in handling invalid style tag content (#6410) - Fix compatibility with MySQL 8 -error on 'system' table use - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422) - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419) - Fix support for "allow-from " in "x_frame_options" config option (#6449) - Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) - Fix multiple VCard field search (#6466) - Fix session issue on long running requests (#6470) * Fri Oct 26 2018 Remi Collet - 1.3.8-1 - update to 1.3.8 su -c 'dnf upgrade --advisory FEDORA-2018-24d1e5a2c3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Change Log
References