roundcubemail was updated to 0.9.5 to fix bugs and security issues.

Fixed security issues:
* CVE-2013-6172: vulnerability in handling _session argument of utils/save-prefs

New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172)
* Fix failing vCard import when email address field contains spaces
* Fix default spell-check configuration after Google suspended their spell service
* Fix vulnerability in handling _session argument of utils/save-prefs
* Fix iframe onload for upload errors handling
* Fix address matching in Return-Path header on identity selection
* Fix text wrapping issue with long unwrappable lines
* Fixed mispelling: occured -> occurred
* Fixed issues where HTML comments inside style tag would hang Internet Explorer
* Fix setting domain in virtualmin password driver
* Hide Delivery Status Notification option when smtp_server is unset
* Display full attachment name using title attribute when name is too long to display
* Fix attachment icon issue when rare font/language is used
* Fix expanded thread root message styling after refreshing messages list
* Fix issue where From address was removed from Cc and Bcc fields when editing a draft
* Fix error_reporting directive check
* Fix de_DE localization of "About" label in Help plugin