| |||||||||||||||||||
Fedora alert FEDORA-2013-15221 (roundcubemail)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-15221 2013-08-23 22:43:18 -------------------------------------------------------------------------------- Name : roundcubemail Product : Fedora 19 Version : 0.9.3 Release : 2.fc19 URL : http://www.roundcube.net Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2. -------------------------------------------------------------------------------- Update Information: Two XSS flaws were fixed in roundcube 0.9.3 [1]: * Fix XSS vulnerability when saving HTML signatures [2],[3] * Fix XSS vulnerability when editing a message "as new" or draft [2],[4] [1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3 [2] http://trac.roundcube.net/ticket/1489251 [3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba74... [4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b5... -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Adam Williamson <awilliam@redhat.com> - 0.9.3-2 - patch tinymce to cope elegantly with Flash binary being removed * Fri Aug 23 2013 Jon Ciesla <limburgher@gmail.com> - 0.9.3-1 - Fix two XSS vulnerabilities: - http://trac.roundcube.net/ticket/1489251 * Fri Aug 16 2013 Jon Ciesla <limburgher@gmail.com> - 0.9.2-3 - Drop precompiled flash. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jun 17 2013 Adam Williamson <awilliam@redhat.com> - 0.9.2-1 - latest upstream - correct License field, add comment on complex licensing case -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000511 - roundcubemail: two XSS flaws fixed in 0.9.3 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1000511 [ 2 ] Bug #1000512 - roundcubemail: two XSS flaws fixed in 0.9.3 [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1000512 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update roundcubemail' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||