FEDORA-EPEL-2013-11499 created by limb 8 years ago for Fedora EPEL 6
stable

0.9.4, latest upstream. Require webserver rather than httpd. Two XSS flaws were fixed in roundcube 0.9.3 [1]:

  • Fix XSS vulnerability when saving HTML signatures [2],[3]
  • Fix XSS vulnerability when editing a message "as new" or draft [2],[4]

[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3 [2] http://trac.roundcube.net/ticket/1489251 [3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github [4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github

This update has been submitted for testing by limb.

8 years ago
User Icon orion commented & provided feedback 8 years ago
karma

Seems to be working okay here.

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for stable by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
BZ#1000511 roundcubemail: two XSS flaws fixed in 0.9.3 [fedora-all]
0
0
BZ#1000512 roundcubemail: two XSS flaws fixed in 0.9.3 [epel-6]
0
0
BZ#1005696 roundcubemail depends on httpd (apache)
0
0

Automated Test Results