Bug 565204 - <mail-client/roundcube-1.0.7: multiple vulnerabilities
Summary: <mail-client/roundcube-1.0.7: multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 564476
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-09 10:44 UTC by John Einar Reitan
Modified: 2015-12-10 13:47 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Einar Reitan 2015-11-09 10:44:03 UTC
See https://lwn.net/Alerts/663048/ for a summary of two non-CVE issues reported by openSUSE:

Description:

   roundcubemail was updated to version 1.0.7 to fix two security issues.

   These security issues were fixed:
   - XSS issue in drag-n-drop file uploads
   - Disallow unwanted access on files in the file system. The apache2
     configuration file for roundcubemail allowed access to the
     roundcubemail/bin folder and possibly /logs, /config and /temp, if these
     were not symlinks (this was only the case when the configuration was
     manually changed) (bsc#952006)
Reproducible: Always
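The second issue above is a web-server exposure rather than a code bug: if the Roundcube tree is served as one document root, its bin/, config/, logs/ and temp/ directories become reachable over HTTP. The Apache 2.4 fragment below is an added illustration of the hardening, not the openSUSE or Gentoo package's own configuration; the install prefix /usr/share/roundcubemail is an assumption and must be adjusted to the real location.

```apache
# Assumed install prefix (placeholder, not taken from either package).
# Serve the application itself, but never produce directory listings.
<Directory /usr/share/roundcubemail>
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# Directories the advisory names. bin/ holds maintenance scripts,
# config/ holds database credentials and keys, logs/ and temp/ hold
# session and upload data: none of them belong on the web.
# The regex covers both "/bin" and "/bin/..." forms of the path.
<DirectoryMatch "^/usr/share/roundcubemail/(bin|config|logs|temp)(/|$)">
    Require all denied
</DirectoryMatch>
```

A deny rule keyed on the filesystem path keeps working whether the directories are real or, as in the packaged layout, symlinks into /etc and /var; a quick check after reloading is that an HTTP request for each of the four paths returns 403.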
Comment 1 Aaron W. Swenson gentoo-dev 2015-12-09 12:56:56 UTC
I'll add arches in a day or so to make sure there aren't any issues that crop up.

commit c20f39cdcba8d3f75fcd7d6c09e80d2ee0655e40
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date:   Wed Dec 9 07:44:37 2015 -0500

    mail-client/roundcube: Version bump, security, and bug fixes
    
    Added two use flags controlling optional dependencies to support the
    enigma and sieverules plugins.
    
    Added REQUIRED_USE as one of postgres, mysql, or sqlite must be
    enabled. Roundcube requires a database to operate. As the ebuild uses
    this now, removed the default enable on the mysql USE flag.
    
    Added POST-UPGRADE.txt which is just a shortened version of the
    UPGRADE text from upstream.
    
    Dropped arm and ppc64 keywords as one dependency,
    dev-php/PEAR-Net_LDAP2, currently lacks matching keywords for those
    architectures.
    
    Bug: 541172, 545096, 524192, 564476, 565204, 53284
    
    Package-Manager: portage-2.2.20.1
Comment 2 Aaron W. Swenson gentoo-dev 2015-12-10 13:47:07 UTC

*** This bug has been marked as a duplicate of bug 564476 ***