Hello community, here is the log from the commit of package roundcubemail for openSUSE:Factory checked in at 2020-06-03 20:36:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/roundcubemail (Old) and /work/SRC/openSUSE:Factory/.roundcubemail.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "roundcubemail" Wed Jun 3 20:36:47 2020 rev:63 rq:811176 version:1.4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail.changes 2020-05-08 23:08:46.622282088 +0200 +++ /work/SRC/openSUSE:Factory/.roundcubemail.new.3606/roundcubemail.changes 2020-06-03 20:37:11.170049691 +0200 @@ -1,0 +2,32 @@ +Wed Jun 3 08:20:49 UTC 2020 - Lars Vogdt <l...@linux-schulserver.de> + +- update to 1.4.5 + Security fixes + * Fix XSS issue in template object 'username' (#7406) + * Fix cross-site scripting (XSS) via malicious XML attachment + * Fix a couple of XSS issues in Installer (#7406) + * Better fix for CVE-2020-12641 + Other changes + * Fix bug in extracting required plugins from composer.json that led + to spurious error in log (#7364) + * Fix so the database setup description is compatible with MySQL 8 (#7340) + * Markasjunk: Fix regression in jsevent driver (#7361) + * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) + * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) + * Password: Fix issue with Modoboa driver (#7372) + * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) + * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) + * Fix PHP warning: count(): Parameter must be an array or an object... + in ID command handler (#7392) + * Fix error when user-configured skin does not exist anymore (#7271) + * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) + * Fix bug where PDF attachments marked as inline could have not been + attached on mail forward (#7382) + * Security: Fix a couple of XSS issues in Installer (#7406) + * Security: Fix XSS issue in template object 'username' (#7406) + * Security: Fix cross-site scripting (XSS) via malicious XML attachment + * Security: Better fix for CVE-2020-12641 +- renamed roundcubemail-1.4.4-config_dir.patch to + roundcubemail-1.4.5-config_dir.patch + +------------------------------------------------------------------- Old: ---- roundcubemail-1.4.4-complete.tar.gz roundcubemail-1.4.4-complete.tar.gz.asc roundcubemail-1.4.4-config_dir.patch New: ---- roundcubemail-1.4.5-complete.tar.gz roundcubemail-1.4.5-complete.tar.gz.asc roundcubemail-1.4.5-config_dir.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ roundcubemail.spec ++++++ --- /var/tmp/diff_new_pack.I3kCQY/_old 2020-06-03 20:37:12.046052436 +0200 +++ /var/tmp/diff_new_pack.I3kCQY/_new 2020-06-03 20:37:12.050052449 +0200 @@ -22,7 +22,7 @@ %define roundcubeconfigpath %{_sysconfdir}/%{name} %define php_major_version %(php -r "echo PHP_MAJOR_VERSION;") Name: roundcubemail -Version: 1.4.4 +Version: 1.4.5 Release: 0 Summary: A browser-based multilingual IMAP client License: GPL-3.0-or-later AND GPL-2.0-only AND BSD-3-Clause ++++++ roundcubemail-1.4.4-complete.tar.gz -> roundcubemail-1.4.5-complete.tar.gz ++++++ /work/SRC/openSUSE:Factory/roundcubemail/roundcubemail-1.4.4-complete.tar.gz /work/SRC/openSUSE:Factory/.roundcubemail.new.3606/roundcubemail-1.4.5-complete.tar.gz differ: char 5, line 1 ++++++ roundcubemail-1.4.4-config_dir.patch -> roundcubemail-1.4.5-config_dir.patch ++++++