Public bug reported:
The ESM security patch 1.4.3+dfsg.1-1ubuntu0.1~esm6 introduced a syntax error
in /usr/share/roundcube/program/lib/Roundcube/rcube_washtml.php at
approximately line 510 in the attribute_value() method.
There is a double opening brace {{ instead of a single {:
phpif ($attr_value === $val) {{
return true;
}
This causes a PHP parse error (unexpected 'private' (T_PRIVATE) on line 527)
because the extra brace breaks the nesting, making PHP 7.4 unable to parse the
rest of the file. As a result, the HTML sanitizer fails and Roundcube cannot
render email message bodies.
Steps to reproduce: Install roundcube-core 1.4.3+dfsg.1-1ubuntu0.1~esm6 with
PHP 7.4-FPM, log in, and attempt to open any email.
Fix: Remove the extra { on the affected line.
Affected package: roundcube-core 1.4.3+dfsg.1-1ubuntu0.1~esm6
** Affects: roundcube (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2144681
Title:
rcube_washtml.php syntax error in roundcube-core
1.4.3+dfsg.1-1ubuntu0.1~esm6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/roundcube/+bug/2144681/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
