
openSUSE alert openSUSE-SU-2013:1420-1 (roundcubemail)

From:  opensuse-security@opensuse.org
To:  opensuse-updates@opensuse.org
Subject:  openSUSE-SU-2013:1420-1: moderate: roundcubemail: version update to 0.9.3
Date:  Mon, 9 Sep 2013 15:04:14 +0200 (CEST)
Message-ID:  <20130909130414.81E5E321CE@maintenance.suse.de>

   openSUSE Security Update: roundcubemail: version update to 0.9.3
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1420-1
Rating:             moderate
References:         #803091 #837436
Cross-References:   CVE-2012-6121 CVE-2013-5645
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   roundcubemail was updated to version 0.9.3 (bnc#837436) (CVE-2013-5645)
   * Optimized UI behavior for touch devices
   * Fix setting refresh_interval to "Never" in Preferences
   * Fix purge action in folder manager
   * Fix base URL resolving on attribute values with no quotes
   * Fix wrong handling of links with '|' character
   * Fix colorspace issue on image conversion using ImageMagick
   * Fix XSS vulnerability when saving HTML signatures
   * Fix XSS vulnerability when editing a message "as new" or draft
   * Fix rewrite rule in .htaccess
   * Fix detecting Turkish language in ISO-8859-9 encoding
   * Fix identity-selection using Return-Path headers
   * Fix parsing of links with ... in URL
   * Fix compose priority selector when opening in new window
   * Fix bug where signature wasn't changed on identity selection when
     editing a draft
   * Fix IMAP SETMETADATA parameters quoting
   * Fix "could not load message" error on valid empty message body
   * Fix handling of message/rfc822 attachments on message forward and edit
   * Fix parsing of square bracket characters in IMAP response strings
   * Don't clear References and in-Reply-To when a message is "edited as new"
   * Fix messages list sorting with THREAD=REFS
   * Remove deprecated (in PHP 5.5) PREG /e modifier usage
   * Fix empty messages list when register_globals is enabled
   * Fix so valid and set date.timezone is not required by installer checks
   * Canonize boolean ini_get() results
   * Fix so install do not fail when one of DB driver checks fails but
     other drivers exist
   * Fix so exported vCard specifies encoding in v3-compatible format

   - Update to version 0.9.2
   * Fix image thumbnails display in print mode
   * Fix height of message headers block
   * Fix timeout issue on drag&drop uploads
   * Fix default sorting of threaded list when THREAD=REFS isn't supported
   * Fix list mode switch to 'List' after saving list settings in Larry skin
   * Fix error when there's no writeable addressbook source
   * Fix zipdownload plugin issue with filenames charset
   * Fix so non-inline images aren't skipped on forward
   * Fix "null" instead of empty string on messages list in IE10
   * Fix legacy options handling
   * Fix so bounces addresses in Sender headers are skipped on Reply-All
   * Fix bug where serialized strings were truncated in PDO::quote()
   * Fix displaying messages with invalid self-closing HTML tags
   * Fix PHP warning when responding to a message with many Return-Path
     headers
   * Fix unintentional compose window resize
   * Fix performance regression in text wrapping function
   * Fix connection to postgres db using unix socket
   * Fix handling of comma when adding contact from contacts widget
   * Fix bug where a message was opened in both preview pane and new
     window on double-click
   * Fix fatal error when xdebug.max_nesting_level was exceeded in
     rcube_washtml
   * Fix PHP warning in html_table::set_row_attribs() in PHP 5.4
   * Fix invalid option selected in default_font selector when font is unset
   * Fix displaying contact with ID divisible by 100 in sql addressbook
   * Fix browser warnings on PDF plugin detection
   * Fix fatal error when parsing UUencoded messages

   - Update to version 0.9.1
   * a lot of bugfixes and smaller improvements
     (http://trac.roundcube.net/wiki/Changelog)

   - Update to version 0.9.0
   * Improved rendering of forwarded and attached messages
   * Optionally display and compose email messages in new windows
   * Unified UI for message view and composition
   * Show sender photos from contacts in email view
   * Render thumbnails for image attachments
   * Download all attachments as zip archive (using the zipdownload plugin)
   * Forward multiple emails as attachments
   * CSV import for contacts

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-687

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-687

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (noarch):

      roundcubemail-0.9.3-1.8.1

   - openSUSE 12.2 (noarch):

      roundcubemail-0.9.3-3.16.1

References:

   http://support.novell.com/security/cve/CVE-2012-6121.html
   http://support.novell.com/security/cve/CVE-2013-5645.html
   https://bugzilla.novell.com/803091
   https://bugzilla.novell.com/837436

