roundcube -- multiple vulnerabilities

Roundcube reports:

We just published updates to both stable versions 1.0 and
1.1 after fixing many minor bugs and adding some security improvements
to the 1.1 release branch. Version 1.0.6 comes with cherry-picked fixes
from the more recent version to ensure proper long term support
especially in regards of security and compatibility.

    The security-related fixes in particular are:

    * XSS vulnerability in _mbox argument
    * security improvement in contact photo handling
    * potential info disclosure from temp directory