Fedora 30: roundcubemail FEDORA-2020-57f2df7424
Summary
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires a database: MySQL, PostgreSQL and SQLite are known to
work. The user interface is fully skinnable using XHTML and
CSS 2.
**Version 1.4.4** This is a **service and security update** to the stable
version 1.4 of Roundcube Webmail. It contains four fixes for recently reported
security vulnerabilities as well a number of general improvements from our issue
tracker. - Fix bug where attachments with Content-Id were attached to the
message on reply (#7122) - Fix identity selection on reply when both sender and
recipient addresses are included in identities (#7211) - Elastic: Fix text
selection with Shift+PageUp and Shift+PageDown in plain text editor when using
Chrome (#7230) - Elastic: Fix recipient input bug when using click to select a
contact from autocomplete list (#7231) - Elastic: Fix color of a folder with
recent messages (#7281) - Elastic: Restrict logo size in print view (#7275) -Fix invalid Content-Type for messages with only html part and inline images -Mail_Mime-1.10.7 (#7261) - Fix missing contact display name in QR Code data
(#7257) - Fix so button label in Select image/media dialogs is "Close" not
"Cancel" (#7246) - Fix regression in testing database schema on MSSQL (#7227) -Fix cursor position after inserting a group to a recipient input using
autocompletion (#7267) - Fix string literals handling in IMAP STATUS (and
various other) responses (#7290) - Fix bug where multiple images in a message
were replaced by the first one on forward/reply/edit (#7293) - Fix handling
keyservers configured with protocol prefix (#7295) - Markasjunk: Fix marking as
spam/ham on moving messages with Move menu (#7189) - Markasjunk: Fix bug where
moving to Junk was failing on messages selected with Select > All (#7206) - Fix
so imap error message is displayed to the user on folder create/update (#7245) -Fix bug where a special folder couldn't be created if a special-use flag is not
supported (#7147) - Mailvelope: Fix bug where recipients with name were not
handled properly in mail compose (#7312) - Fix characters encoding in group
rename input after group creation/rename (#7330) - Fix bug where some
message/rfc822 parts could not be attached on forward (#7323) - Make install-jsdeps.sh script working without the 'file' program installed (#7325) - Fix
performance issue of parsing big HTML messages by disabling HTML5 parser for
these (#7331) - Fix so Print button for PDF attachments works on Firefox >= 75
(#5125) - **Security**: Fix XSS issue in handling of CDATA in HTML messages -**Security**: Fix remote code execution via crafted 'im_convert_path' or
'im_identify_path' settings - **Security**: Fix local file inclusion (and code
execution) via crafted 'plugins' option - **Security**: Fix CSRF bypass that
could be used to log out an authenticated user (#7302)
* Thu Apr 30 2020 Remi Collet
- update to 1.4.4
su -c 'dnf upgrade --advisory FEDORA-2020-57f2df7424' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2020-57f2df7424 2020-05-09 03:43:03.361473 Product : Fedora 30 Version : 1.4.4 Release : 1.fc30 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. **Version 1.4.4** This is a **service and security update** to the stable version 1.4 of Roundcube Webmail. It contains four fixes for recently reported security vulnerabilities as well a number of general improvements from our issue tracker. - Fix bug where attachments with Content-Id were attached to the message on reply (#7122) - Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) - Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) - Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) - Elastic: Fix color of a folder with recent messages (#7281) - Elastic: Restrict logo size in print view (#7275) -Fix invalid Content-Type for messages with only html part and inline images -Mail_Mime-1.10.7 (#7261) - Fix missing contact display name in QR Code data (#7257) - Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246) - Fix regression in testing database schema on MSSQL (#7227) -Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) - Fix string literals handling in IMAP STATUS (and various other) responses (#7290) - Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) - Fix handling keyservers configured with protocol prefix (#7295) - Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) - Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) - Fix so imap error message is displayed to the user on folder create/update (#7245) -Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) - Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) - Fix characters encoding in group rename input after group creation/rename (#7330) - Fix bug where some message/rfc822 parts could not be attached on forward (#7323) - Make install-jsdeps.sh script working without the 'file' program installed (#7325) - Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) - Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) - **Security**: Fix XSS issue in handling of CDATA in HTML messages -**Security**: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings - **Security**: Fix local file inclusion (and code execution) via crafted 'plugins' option - **Security**: Fix CSRF bypass that could be used to log out an authenticated user (#7302) * Thu Apr 30 2020 Remi Collet - 1.4.4-1 - update to 1.4.4 su -c 'dnf upgrade --advisory FEDORA-2020-57f2df7424' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References
Update Instructions
