security update in Fedora EPEL 6 for roundcubemail

Status: stable a year ago

Upstream announcement for Version 1.0.12

This is a security update to the LTS version 1.0. It closes a potential file disclosure vulnerability discovered in the file-based attachment plugins. While there's currently no exploit path for Roundcube 1.0.x the fix was nevertheless back-ported to protect from yet unknown zero-day exploits.

It's considered stable and we recommend to update all productive installations of Roundcube 1.0.x with this version if for some reason you're not able to upgrade to the latest stable version. Please do backup your data before updating!


  • Fix file disclosure vulnerability caused by insufficient input validation CVE-2017-16651 (#6026)

Comments 6

This update has been submitted for testing by remi.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by remi.

This update has been submitted for stable by remi.

This update has been pushed to stable.

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
submitted a year ago
in testing a year ago
in stable a year ago

Automated Test Results