File _patchinfo of Package patchinfo
<patchinfo incident="368"> <packager>aeneas_jaissle</packager> <issue tracker="cve" id="2015-8770"></issue> <issue tracker="bnc" id="962067">VUL-0: CVE-2015-8770: roundcubemail: remote code execution by path traversal</issue> <category>security</category> <rating>important</rating> <summary>Security update for roundcubemail</summary> <description>Update to 1.0.8 - Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582) - Fix HTML sanitizer to skip &lt;!-- node type X --&gt; in output (#1490583) - Fix charset encoding of message/rfc822 part bodies (#1490606) - Fix handling of message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support detection in Firefox &gt; 19 (#1490610) - Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) [CVE-2015-8770] [bnc#962067] - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) - Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) - Updated apache2 config</description> </patchinfo>
