Three issues were fixed in roundcubemail 1.0.9: https://github.com/roundcube/roundcubemail/releases/tag/1.0.9 (CVE-2015-8864,CVE-2016-4068) Fix XSS issue in SVG images handling (#4949): https://github.com/roundcube/roundcubemail/issues/4949 (CVE-2016-4069) Protect download urls against CSRF using unique request tokens (#4957): https://github.com/roundcube/roundcubemail/issues/4957 (CVE-2015-2181) Fix (again) security issue in DBMail driver of password plugin (#4958): https://github.com/roundcube/roundcubemail/issues/4958
Created roundcubemail tracking bugs for this issue: Affects: fedora-all [bug 1330085] Affects: epel-all [bug 1330086]
roundcubemail-1.1.5-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
roundcubemail-1.1.5-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
roundcubemail-1.1.5-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
roundcubemail-1.1.5-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
roundcubemail-1.0.9-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.