{"id":"MGASA-2018-0463","summary":"Updated roundcubemail packages fix security vulnerability & bugs","details":"This is a service release to update the stable version 1.3 of Roundcube\nWebmail. It contains fixes to several bugs backported from the master\nbranch including a security fix for a reported XSS vulnerability (in\nhandling invalid style tag content) plus updates to ensure compatibility\nwith PHP 7.3 and recent versions of Courier-IMAP, Dovecot and MySQL 8\n(no CVE).\n","modified":"2026-04-16T04:26:38.340420Z","published":"2018-11-21T17:51:03Z","references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0463.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23826"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/56EUDX57TIX42ULN63ZD6HCOX5PLNOZJ/"}],"affected":[{"package":{"name":"roundcubemail","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/roundcubemail?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0463.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}