Hello community, here is the log from the commit of package patchinfo.5987 for openSUSE:13.2:Update checked in at 2016-12-07 11:25:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5987 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.5987.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.5987" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="5987"> <issue id="1001856" tracker="bnc">VUL-0: roundcubemail: 1.1.6 fixes XSS + clickjacking flaw</issue> <issue id="1012493" tracker="bnc">VUL-0: roundcubemail: command injection via php mail() additional_parameters</issue> <issue id="982003" tracker="bnc">VUL-0: CVE-2016-5103: roundcube: XSS vulnerability in mail content page</issue> <issue id="2016-5103" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>aeneas_jaissle</packager> <description> This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed (cross site scripting using $lt;area href=javascript:...>) (boo#982003, CVE-2016-5103) - Avoid HTML styles that could cause potential click jacking (boo#1001856) - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command (boo#1012493) - Avoid sending completely empty text parts for multipart/alternative messages - Don't create multipart/alternative messages with empty text/plain part - Improved validation of FROM argument when sending mails </description> <summary>Security update for roundcubemail</summary> </patchinfo>
