[Kolab-devel] Security Update for Roundcube in Kolab 3.4 and Kolab 16
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Fri May 27 11:29:21 CEST 2016
On Fri, 2016-05-27 at 10:24 +0200, Timotheus Pokorra wrote:
> Hello,
>
> an XSS vulnerability has been reported, and fixed in roundcube.
> see http://seclists.org/oss-sec/2016/q2/414
> and https://github.com/roundcube/roundcubemail/issues/5240
>
> I have applied this fix to Kolab 3.4 Updates:
> https://obs.kolabsys.com/package/show/Kolab:3.4:Updates/roundcubemail
>
> I also prepared an update for Kolab 16:
> https://obs.kolabsys.com/request/show/1646
> (I had to do the branch and submit request from the command line,
> because today the SSL certificate for obs.kolabsys.com expired, which
> breaks the login through the browser interface).
>
> I do have commit permissions for Kolab 3.4, but I don't have commit
> permissions for Kolab 16.
>
> Jeroen, can you please review the submit request and apply it to
> roundcube in Kolab 16?
> Alternatively, or additionally, can I please have commit permissions
> for Kolab 16?
>
Reviewed and accepted.
-- Jeroen
More information about the devel
mailing list