From gyurco at freemail.hu Thu May 5 15:46:21 2016 From: gyurco at freemail.hu (=?UTF-8?Q?Szombathelyi_Gy=C3=B6rgy?=) Date: Thu, 5 May 2016 15:46:21 +0200 (CEST) Subject: [Kolab-devel] Kolab bugzilla #5383 Message-ID: Hi! I just wondering if anyone's checking the bugzilla.I reported a bug about a month ago in Syncroton, with a (possibly stupid) fix, but I think nobody saw it. https://issues.kolab.org/show_bug.cgi?id=5383 Br,Gy?rgy -------------- next part -------------- An HTML attachment was scrubbed... URL: From timotheus at kolab.org Fri May 27 10:24:15 2016 From: timotheus at kolab.org (Timotheus Pokorra) Date: Fri, 27 May 2016 10:24:15 +0200 Subject: [Kolab-devel] Security Update for Roundcube in Kolab 3.4 and Kolab 16 Message-ID: Hello, an XSS vulnerability has been reported, and fixed in roundcube. see http://seclists.org/oss-sec/2016/q2/414 and https://github.com/roundcube/roundcubemail/issues/5240 I have applied this fix to Kolab 3.4 Updates: https://obs.kolabsys.com/package/show/Kolab:3.4:Updates/roundcubemail I also prepared an update for Kolab 16: https://obs.kolabsys.com/request/show/1646 (I had to do the branch and submit request from the command line, because today the SSL certificate for obs.kolabsys.com expired, which breaks the login through the browser interface). I do have commit permissions for Kolab 3.4, but I don't have commit permissions for Kolab 16. Jeroen, can you please review the submit request and apply it to roundcube in Kolab 16? Alternatively, or additionally, can I please have commit permissions for Kolab 16? Now that the community and the enterprise version have been merged, we still need a way to provide security updates for the community. Thanks, Timotheus From timotheus at kolab.org Fri May 27 10:59:41 2016 From: timotheus at kolab.org (Timotheus Pokorra) Date: Fri, 27 May 2016 10:59:41 +0200 Subject: [Kolab-devel] Kolab bugzilla #5383 In-Reply-To: References: Message-ID: Hello Gy?rgy, > I just wondering if anyone's checking the bugzilla. I don't know. You might have better chances when reporting in Phabricator (https://git.kolab.org/maniphest/task/edit/form/9/) see also https://docs.kolab.org/contributor-guide/bug-reporting-casual.html > I reported a bug about a month ago in Syncroton, with a (possibly stupid) > fix, but I think nobody saw it. > > https://issues.kolab.org/show_bug.cgi?id=5383 looks good to me. Timotheus From vanmeeuwen at kolabsys.com Fri May 27 11:29:21 2016 From: vanmeeuwen at kolabsys.com (Jeroen van Meeuwen) Date: Fri, 27 May 2016 11:29:21 +0200 Subject: [Kolab-devel] Security Update for Roundcube in Kolab 3.4 and Kolab 16 In-Reply-To: References: Message-ID: <1464341361.17129.0.camel@kolabsys.com> On Fri, 2016-05-27 at 10:24 +0200, Timotheus Pokorra wrote: > Hello, > > an XSS vulnerability has been reported, and fixed in roundcube. > see http://seclists.org/oss-sec/2016/q2/414 > and https://github.com/roundcube/roundcubemail/issues/5240 > > I have applied this fix to Kolab 3.4 Updates: > https://obs.kolabsys.com/package/show/Kolab:3.4:Updates/roundcubemail > > I also prepared an update for Kolab 16: > https://obs.kolabsys.com/request/show/1646 > (I had to do the branch and submit request from the command line, > because today the SSL certificate for obs.kolabsys.com expired, which > breaks the login through the browser interface). > > I do have commit permissions for Kolab 3.4, but I don't have commit > permissions for Kolab 16. > > Jeroen, can you please review the submit request and apply it to > roundcube in Kolab 16? > Alternatively, or additionally, can I please have commit permissions > for Kolab 16? > Reviewed and accepted. -- Jeroen From timotheus at kolab.org Fri May 27 11:35:51 2016 From: timotheus at kolab.org (Timotheus Pokorra) Date: Fri, 27 May 2016 11:35:51 +0200 Subject: [Kolab-devel] Security Update for Roundcube in Kolab 3.4 and Kolab 16 In-Reply-To: <1464341361.17129.0.camel@kolabsys.com> References: <1464341361.17129.0.camel@kolabsys.com> Message-ID: Hello Jeroen, >> I also prepared an update for Kolab 16: >> https://obs.kolabsys.com/request/show/1646 > Reviewed and accepted. Thank you! Timotheus