Upstream has released 1.0.11 on April 28:
Assinging to all packagers collectively, since there is no registered maintainer for roundcubemail
openSUSE has issued an advisory for this today (May 15):
Patched package uploaded for Mageia 5.
Updated roundcubemail package fixes security vulnerability:
It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin (CVE-2017-8114)
Updated packages in core/updates_testing:
MGA5-32 on Asus A 6000 VM Xfce
No installation issues
Ref. to bug 20463 Comment 5 and bug 9640, we're still in the same mess. After configuring all correctly, I still run in 'Database connection failure' and 'Error 404 Object not found.
But ir does not seem to break anything else.
Testing Mageia 5 64-bit
Already installed and configured as per
UPDATE was clean, no config file changes, to: roundcubemail-1.0.11-1.mga5
afte which http://localhost/roundcubemail/ gave our usual Roundcube error page:
"DATABASE ERROR: CONNECTION FAILED!
Unable to connect to the database!
Please contact your server-administrator."
OK as per our routine updates for this pkg. Validating.
advisory MGA5-32-OK =>
advisory MGA5-32-OK MGA5-64-OKKeywords:
An update for this issue has been pushed to the Mageia Updates repository.