2 days 16 hours ago
FEDORA-EPEL-2026-82b702d826
Packages in this update:
- roundcubemail-1.6.15-1.el10_1
Update description:
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as well as a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend updating all productive installations of Roundcube 1.6.x with it. Please do back up your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
2 days 16 hours ago
FEDORA-EPEL-2026-f7a0d90857
Packages in this update:
- roundcubemail-1.6.15-1.el10_3
Update description:
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as well as a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend updating all productive installations of Roundcube 1.6.x with it. Please do back up your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
2 days 16 hours ago
FEDORA-2026-8ba1a085a9
Packages in this update:
- roundcubemail-1.6.15-1.fc43
Update description:
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as well as a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend updating all productive installations of Roundcube 1.6.x with it. Please do back up your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
2 days 16 hours ago
FEDORA-EPEL-2026-bf73d904ba
Packages in this update:
- roundcubemail-1.5.15-1.el9
Update description:
Version 1.5.15
This is a security update to the stable version 1.5 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as well as a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend updating all productive installations of Roundcube 1.5.x with it. Please do back up your data before updating!
CHANGELOG
- Fix so distribution packages (and composer.json) don't include development dependencies
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
2 days 22 hours ago
It was discovered that Pillow did not correctly handle reading J2K files,
which could lead to an out-of-bounds read vulnerability. If a user or
automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 16.04 LTS. (CVE-2021-25287, CVE-2021-25288)
It was discovered that Pillow did not correctly handle certain integer
arithmetic, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-25290)
It was discovered that Pillow did not correctly perform bounds checking
for certain operations. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2021-28675, CVE-2021-28676, CVE-2021-28677)
It was discovered that Pillow did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2023-44271)
It was discovered that Pillow did not correctly sanitize certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2023-50447)
3 days ago
FEDORA-2026-7b2964fc42
Packages in this update:
Update description:
Fix several low-priority CVEs
Build with new Gnulib
3 days ago
FEDORA-2026-e153173659
Packages in this update:
Update description:
Fix several low-priority CVEs
Build with new Gnulib
3 days 1 hour ago
It was discovered that Roundcube Webmail did not properly sanitize
certain HTML elements within the e-mail body. An attacker could possibly
use this issue to cause a cross-site scripting attack. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069)
It was discovered that Roundcube Webmail did not properly handle certain
configuration parameters. An attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2016-9920)
It was discovered that Roundcube Webmail did not properly sanitize CSS styles
within SVG documents. An attacker could possibly use this issue to cause
a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS.
(CVE-2017-6820)
It was discovered that Roundcube Webmail did not properly restrict exec call in
certain drivers of the password plugin. An authenticated user could possibly
use this issue to perform arbitrary password resets. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2017-8114)
It was discovered that Roundcube Webmail did not properly set file permissions within
the Enigma plugin. An attacker could possibly use this issue to exfiltrate GPG private
keys via network connectivity. (CVE-2018-1000071)
It was discovered that Roundcube Webmail did not properly handle GnuPG MDC
integrity-protection warnings. An attacker could possibly use this issue to obtain
sensitive information from encrypted communications. (CVE-2018-19205)
It was discovered that Roundcube Webmail did not properly sanitize and
tags within HTML attachments. An attacker could possibly use this issue to cause a
cross-site scripting attack. (CVE-2018-19206)
It was discovered that Roundcube Webmail did not properly handle partially encrypted
multipart messages. An attacker could possibly use this issue to cause
leaking of the plaintext of encrypted messages via an email reply. (CVE-2019-10740)
It was discovered that Roundcube Webmail did not properly sanitize a certain parameter
within the archive plugin. An attacker could possibly use this issue to perform an
IMAP injection attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2018-9846)
3 days 1 hour ago
Version: next-20260330 (linux-next)
Released: 2026-03-30
3 days 2 hours ago
It was discovered that pyasn1 could exhaust system resources when
attempting to decode a malformed certificate. An attacker could
possibly use this to cause a denial of service. (CVE-2026-23490)
Kevin Tu discovered that pyasn1 could exhaust system resources via
uncontrolled recursion when attempting to decode maliciously-crafted
certificates. An attacker could possibly use this to cause a denial of
service. (CVE-2026-30922)
3 days 3 hours ago
FEDORA-2026-5e16254ca6
Packages in this update:
- gst-devtools-1.26.11-1.fc42
- gst-editing-services-1.26.11-1.fc42
- gstreamer1-1.26.11-1.fc42
- gstreamer1-doc-1.26.11-1.fc42
- gstreamer1-plugin-libav-1.26.11-1.fc42
- gstreamer1-plugins-bad-free-1.26.11-1.fc42
- gstreamer1-plugins-base-1.26.11-1.fc42
- gstreamer1-plugins-good-1.26.11-1.fc42
- gstreamer1-plugins-ugly-free-1.26.11-1.fc42
- gstreamer1-rtsp-server-1.26.11-1.fc42
- gstreamer1-vaapi-1.26.11-1.fc42
- python-gstreamer1-1.26.11-1.fc42
Update description:
1.26.11
3 days 5 hours ago
FEDORA-2026-6ff3ef2d32
Packages in this update:
Update description:
Update goose to fix fedora#2449678
3 days 5 hours ago
FEDORA-2026-a45f438402
Packages in this update:
Update description:
Update goose to fix fedora#2449678
3 days 5 hours ago
FEDORA-2026-f0293b845e
Packages in this update:
Update description:
version bumped from 1.15.1 to 1.15.2
3 days 5 hours ago
FEDORA-2026-17dbeca425
Packages in this update:
Update description:
version bumped from 1.15.1 to 1.15.2
3 days 6 hours ago
FEDORA-2026-e77ad9d792
Packages in this update:
- gst-devtools-1.26.11-1.fc43
- gst-editing-services-1.26.11-1.fc43
- gstreamer1-1.26.11-1.fc43
- gstreamer1-doc-1.26.11-1.fc43
- gstreamer1-plugin-libav-1.26.11-1.fc43
- gstreamer1-plugins-bad-free-1.26.11-1.fc43
- gstreamer1-plugins-base-1.26.11-1.fc43
- gstreamer1-plugins-good-1.26.11-1.fc43
- gstreamer1-plugins-ugly-free-1.26.11-1.fc43
- gstreamer1-rtsp-server-1.26.11-1.fc43
- gstreamer1-vaapi-1.26.11-1.fc43
- python-gstreamer1-1.26.11-1.fc43
Update description:
1.26.11
3 days 7 hours ago
It was discovered that PyJWT did not validate the critical header
parameter, contrary to the RFC specification expectations. A remote
attacker could possibly use this issue to bypass certain authentication
checks and restrictions.
3 days 9 hours ago
FEDORA-EPEL-2026-01ea52d899
Packages in this update:
Update description:
- New version 2.6.5
- Fixes CVE-2026-3608 (rhbz#2452134)