
Bug 570834

Summary: =mail-client/roundcube-1.1.4 version bump
Product: Gentoo Linux Reporter: Pavel Půlpán <pavel.pulpan>
Component: New packages Assignee: Aaron W. Swenson <titanofold>
Status: RESOLVED FIXED    
Severity: normal CC: kevin, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Pavel Půlpán 2016-01-04 12:40:15 UTC
26 December 2015 - Updates 1.1.4 and 1.0.8 released

We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes one of which seals a potential path traversal vulnerability reported by High-Tech Bridge Security Research Lab.

A second security improvement adds some measures against brute-force attacks. See the full changelog here.

Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from roundcube.net/download.

If you prefer to patch your installation for the path traversal vulnerability only, you can find patches on our download mirrors for versions 1.0, and 1.1.

As usual, don’t forget to back up your data before updating!

Comment 1 Aaron W. Swenson gentoo-dev 2016-01-14 18:52:00 UTC
commit 8a3bcf93eba9de75950be6b0cf1c09b3edf36171
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date:   Thu Jan 14 13:45:54 2016 -0500

    mail-client/roundcube: Version Bump
    
    Version bump fixes bug 570834 and addresses multiple security bugs.
    
    Bug: 570834,564476,570336
    
    Package-Manager: portage-2.2.20.1