Version 1.0.4 of Roundcube [1] contains a security fix: ... Security: Fix possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins. ... Upstream commit: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1 [1]: http://roundcube.net/news/2014/12/18/update-1.0.4-released/
Created roundcubemail tracking bugs for this issue: Affects: fedora-all [bug 1179783] Affects: epel-all [bug 1179784]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.