Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 570834 - =mail-client/roundcube-1.1.4 version bump
Summary: =mail-client/roundcube-1.1.4 version bump
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Aaron W. Swenson
Depends on:
Reported: 2016-01-04 12:40 UTC by Pavel Půlpán
Modified: 2016-01-14 18:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Půlpán 2016-01-04 12:40:15 UTC
26 December 2015 - Updates 1.1.4 and 1.0.8 released

We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes one of which seals a potential path traversal vulnerability reported by High-Tech Bridge Security Research Lab.

A second security improvement adds some measures against brute-force attacks. See the full changelog here.

Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from

If you prefer to patch your installation for the path traversal vulnerability only, you can find patches on our download mirrors for versions 1.0, and 1.1.

As usual, don’t forget to backup your data before updating!
Comment 1 Aaron W. Swenson gentoo-dev 2016-01-14 18:52:00 UTC
commit 8a3bcf93eba9de75950be6b0cf1c09b3edf36171
Author: Aaron W. Swenson <>
Date:   Thu Jan 14 13:45:54 2016 -0500

    mail-client/roundcube: Version Bump
    Version bump fixes bug 570834 and addresses multiple security bugs.
    Bug: 570834,564476,570336
    Package-Manager: portage-