Updated roundcubemail packages fix XSS security vulnerabilities
Publication date: 01 Dec 2023
Modification date: 01 Dec 2023
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-5631, CVE-2023-47272
Description
Updated roundcubemail package fixes security vulnerabilities:

Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download (CVE-2023-47272)
Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (CVE-2023-5631)

Some other errors have been fixed:
- Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE
- Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters
- Fix PHP warnings
- Fix UI issue when dealing with an invalid managesieve_default_headers value
- Fix bug where images attached to application/smil messages weren't displayed
- Fix PHP string replacement error in utils/error.php
- Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder
References
SRPMS
9/core
- roundcubemail-1.6.5-1.mga9