Bugzilla – Bug 952007
Tracker bug for roundcubemail (13.2)
Last modified: 2015-10-26 13:21:01 UTC
Tracker bug for roundcubemail.
https://build.opensuse.org/request/show/340988 This update fixes one security issue and one bug. roundcubemail was updated to disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder and possibly /logs, /config and /temp, if these were not symlinks (this is only the case when manually changed). This update comes with a fixed configuration. If you modified the file "/etc/apache2/conf.d/roundcubemail.conf", please replace it with the configuration "roundcubemail.conf.rpmnew" and reapply your changes. After that, a restart of apache2 is requried. This update also fixes an issue that causes apache2 not to start because "mod_version.c" is not loaded.
Thanks https://roundcube.net/news/2015/09/14/updates-1.1.3-and-1.0.7-released/
Btw it's all packaging updates, the upstream roundcubemail source has *not* changed.
tracking incident for all in bug 952006 *** This bug has been marked as a duplicate of bug 952006 ***