stable

roundcubemail-1.6.8-1.fc39

FEDORA-2024-b60eb661a4 created by remi 9 months ago for Fedora 39

Version 1.6.8

  • Managesieve: Protect special scripts in managesieve_kolab_master mode
  • Fix newmail_notifier notification focus in Chrome (#9467)
  • Fix fatal error when parsing some TNEF attachments (#9462)
  • Fix double scrollbar when composing a mail with many plain text lines (#7760)
  • Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
  • Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
  • Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
  • Fix bug where "with attachment" filter could fail on some fts engines (#9514)
  • Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
  • Fix bug where a long subject title could not be displayed in some cases (#9416)
  • Fix infinite loop when parsing malformed Sieve script (#9562)
  • Fix bug where imap_conn_option's 'socket' was ignored (#9566)
  • Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
  • Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
  • Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-b60eb661a4

This update has been submitted for testing by remi.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago

This update has been pushed to testing.

9 months ago

remi edited this update.

9 months ago

This update has been submitted for stable by bodhi.

9 months ago

This update has been pushed to stable.

9 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
9 months ago
in testing
9 months ago
in stable
9 months ago
modified
9 months ago
approved
9 months ago
BZ#2303070 CVE-2024-42008 roundcubemail: A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube [fedora-39]
0
0
BZ#2303075 CVE-2024-42009 roundcubemail: A Cross-Site Scripting vulnerability in Roundcube [fedora-39]
0
0
BZ#2303095 CVE-2024-42010 roundcubemail: information leak due to insufficient CSS filtering [fedora-39]
0
0

Automated Test Results