Roundcube has released a bug fix version of their new 0.8.x line. Contains bug fixes and "two fixes for a recently reported XSS vulnerability in Roundcube's HTML message handling". Probably just requires renaming the current 0.8.0 ebuild. Reproducible: Always
Added to CVS.