Updated roundcubemail packages fix security vulnerabilitiesPublication date: 29 Apr 2016
Affected Mageia releases : 5
CVE: CVE-2015-8864 , CVE-2016-4069
Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling (CVE-2015-8864). Lack of protection for attachment download URLs against CSRF (CVE-2016-4069). The roundcubemail package has been updated to version 1.0.9, fixing these issues and several other bugs.