Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version. Please update Debian packages, thanks. http://roundcube.net/news/2015/01/24/security-update-1.0.5/ http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5 http://trac.roundcube.net/ticket/1490227 CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3
Created roundcubemail tracking bugs for this issue: Affects: fedora-all [bug 1188202] Affects: epel-all [bug 1188203]