570834 – =mail-client/roundcube-1.1.4 version bump

Bug 570834 - =mail-client/roundcube-1.1.4 version bump

Summary: =mail-client/roundcube-1.1.4 version bump

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Aaron W. Swenson

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-01-04 12:40 UTC by Pavel Půlpán
Modified:	2016-01-14 18:52 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pavel Půlpán 2016-01-04 12:40:15 UTC

26 December 2015 - Updates 1.1.4 and 1.0.8 released

We just published updates to both stable versions 1.0 and 1.1 delivering important bug fixes one of which seals a potential path traversal vulnerability reported by High-Tech Bridge Security Research Lab.

A second security improvement adds some measures against brute-force attacks. See the full changelog here.

Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from roundcube.net/download.

If you prefer to patch your installation for the path traversal vulnerability only, you can find patches on our download mirrors for versions 1.0, and 1.1.

As usual, don’t forget to backup your data before updating!

Comment 1 Aaron W. Swenson gentoo-dev

2016-01-14 18:52:00 UTC

commit 8a3bcf93eba9de75950be6b0cf1c09b3edf36171
Author: Aaron W. Swenson <titanofold@gentoo.org>
Date:   Thu Jan 14 13:45:54 2016 -0500

    mail-client/roundcube: Version Bump
    
    Version bump fixes bug 570834 and addresses multiple security bugs.
    
    Bug: 570834,564476,570336
    
    Package-Manager: portage-2.2.20.1