1

Topic: Security: Patch to fix roundcube 0.1.1 security issues

Hi, all.

Here's patch to fix roundcubemail-0.1.1-stable security issues.

All users use iRedMail-0.3.2/0.3.1/0.2/0.1 should apply this patch as soon as possible:

Steps:

- Backup current web files (we assume you backup to /opt/backup/):

# cp -rfvp /var/www/roundcubemail-0.1.1/ /opt/backup/

- Download attached patch, copy it to /root/ directory, then patch it:

# cd /var/www/roundcubemail-0.1.1/
# patch -p0 < /root/roundcubemail-CVE-2008-5619.patch

Related resource links:

    - Break-in possiblity via html2text.php?
      http://trac.roundcube.net/ticket/1485618

    - Security update for 0.2-beta
      http://lists.roundcube.net/mail-archive … 00039.html

Note: patch comes from Fedora EPEL repository, thanks wumingzhang for his remind:
http://download.fedora.redhat.com/pub/e … l5.src.rpm