openSUSE Security Update : roundcubemail (openSUSE-2016-1205)
Medium Nessus Plugin ID 94215
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for roundcubemail to 1.1.6 fixes several issues (boo#1001856).
These security issues were fixed :
- Fix XSS issue in href attribute on area tag
- Wash position:fixed style in HTML mail for better security
These non-security issues were fixed :
- Searching in both contacts and groups when LDAP addressbook with group_filters option is used
- Use contact_search_name format in popup on results in compose contacts search
- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH
- Fix handling of blockquote tags with mixed case on html2text conversion
- Fix message list multi-select/deselect issue
- Fix bug where contact search menu fields where always unchecked in Larry skin
- Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting
- Don't create multipart/alternative messages with empty text/plain part
- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified
SolutionUpdate the affected roundcubemail package.