FEDORA-EPEL-2017-b490886f67

security update in Fedora EPEL 6 for roundcubemail

Status: testing 10 days ago

Upstream announcement for Version 1.0.12

This is a security update to the LTS version 1.0. It closes a potential file disclosure vulnerability discovered in the file-based attachment plugins. While there's currently no exploit path for Roundcube 1.0.x the fix was nevertheless back-ported to protect from yet unknown zero-day exploits.

It's considered stable and we recommend to update all productive installations of Roundcube 1.0.x with this version if for some reason you're not able to upgrade to the latest stable version. Please do backup your data before updating!

Changelog

  • Fix file disclosure vulnerability caused by insufficient input validation CVE-2017-16651 (#6026)

Comments 2

This update has been submitted for testing by remi.

This update has been pushed to testing.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown.

-1 0 +1 Feedback Guidelines
Is the update generally functional?
Content Type
RPM
Status
testing
Submitted by
Update Type
security
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 13 days ago
in testing 10 days ago
days to stable 4

Automated Test Results