Advisories » MGASA-2018-0463

Updated roundcubemail packages fix security vulnerability & bugs

Publication date: 21 Nov 2018
Modification date: 21 Nov 2018
Type: security
Affected Mageia releases : 6

Description

This is a service release to update the stable version 1.3 of Roundcube
Webmail. It contains fixes to several bugs backported from the master
branch including a security fix for a reported XSS vulnerability (in
handling invalid style tag content) plus updates to ensure compatibility
with PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8
(no CVE).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23826
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/56EUDX57TIX42ULN63ZD6HCOX5PLNOZJ/

SRPMS

6/core

• roundcubemail-1.3.8-1.mga6