Topic: Security: Patch to fix roundcube 0.1.1 security issues
Hi, all.
Here's patch to fix roundcubemail-0.1.1-stable security issues.
All users use iRedMail-0.3.2/0.3.1/0.2/0.1 should apply this patch as soon as possible:
Steps:
- Backup current web files (we assume you backup to /opt/backup/):
# cp -rfvp /var/www/roundcubemail-0.1.1/ /opt/backup/- Download attached patch, copy it to /root/ directory, then patch it:
# cd /var/www/roundcubemail-0.1.1/
# patch -p0 < /root/roundcubemail-CVE-2008-5619.patchRelated resource links:
- Break-in possiblity via html2text.php?
http://trac.roundcube.net/ticket/1485618
- Security update for 0.2-beta
http://lists.roundcube.net/mail-archive … 00039.html
Note: patch comes from Fedora EPEL repository, thanks wumingzhang for his remind:
http://download.fedora.redhat.com/pub/e … l5.src.rpm
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.