File _patchinfo of Package patchinfo.18985

<patchinfo incident="18985">
  <packager>aeneas_jaissle</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for roundcubemail</summary>
  <description>This update for roundcubemail fixes the following issues:

Update to 1.6.11:

  This is a security update to the stable version 1.6 of Roundcube Webmail.
  It provides fixes to recently reported security vulnerabilities:
  * Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v.

- CHANGELOG

  * Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610)
  * Improve installer to fix confusion about disabling SMTP authentication (#9801)
  * Fix PHP warning in index.php (#9813)
  * OAuth: Fix/improve token refresh
  * Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820)
  * Fix HTML message preview if it contains floating tables (#9804)
  * Fix removing/expiring redis/memcache records when using a key prefix
  * Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781)
  * Fix a default value and documentation of password_ldap_encodage option (#9658)
  * Remove mobile/floating Create button from the list in Settings &gt; Folders (#9661)
  * Fix Delete and Empty buttons state while creating a folder (#9047)
  * Fix connecting to LDAP using ldapi:// URI (#8990)
  * Fix cursor position on "below the quote" reply in HTML mode (#8700)
  * Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119)
</description>
</patchinfo>