openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)
High Nessus Plugin ID 75292
SynopsisThe remote openSUSE host is missing a security update.
Descriptionroundcubemail was updated to 0.9.5 to fix bugs and security issues.
Fixed security issues :
- CVE-2013-6172: vulnerability in handling _session argument of utils/save-prefs
New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)
- Fix failing vCard import when email address field contains spaces
- Fix default spell-check configuration after Google suspended their spell service
- Fix vulnerability in handling _session argument of utils/save-prefs
- Fix iframe onload for upload errors handling
- Fix address matching in Return-Path header on identity selection
- Fix text wrapping issue with long unwrappable lines
- Fixed mispelling: occured -> occurred
- Fixed issues where HTML comments inside style tag would hang Internet Explorer
- Fix setting domain in virtualmin password driver
- Hide Delivery Status Notification option when smtp_server is unset
- Display full attachment name using title attribute when name is too long to display
- Fix attachment icon issue when rare font/language is used
- Fix expanded thread root message styling after refreshing messages list
- Fix issue where From address was removed from Cc and Bcc fields when editing a draft
- Fix error_reporting directive check
- Fix de_DE localization of 'About' label in Help plugin
SolutionUpdate the affected roundcubemail packages.