Accepted: horde3, horde3, horde3_3.1.1-1ubuntu0.1_i386_translations.tar.gz 3.1.1-1ubuntu0.1 (source, i386, raw-translations)

Ubuntu Installer archive at ubuntu.com
Thu Mar 27 16:55:21 GMT 2008


Accepted:
 OK: horde3_3.1.1.orig.tar.gz
 OK: horde3_3.1.1-1ubuntu0.1.diff.gz
 OK: horde3_3.1.1-1ubuntu0.1.dsc
     -> Component: universe Section: web
 OK: horde3_3.1.1-1ubuntu0.1_all.deb
 OK: horde3_3.1.1-1ubuntu0.1_i386_translations.tar.gz

Format: 1.7
Date: Thu, 27 Mar 2008 16:05:35 +0100
Source: horde3
Binary: horde3
Architecture: i386_translations all source
Version: 3.1.1-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers at lists.alioth.debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
 horde3     - horde web application framework
Changes:
 horde3 (3.1.1-1ubuntu0.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #203456)
    + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
      and Groupware Webmail Edition before 1.0.6, when running with certain
      configurations, allows remote authenticated users to read and execute arbitrary
      files via ".." sequences and a null byte in the theme name.
      Fix directory traversal vulnerability in Registry.php which allows
      an attacker to read and execute arbitrary local files via crafted
      path sequences.
 .
   * References
    + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
    + http://www.debian.org/security/2008/dsa-1519
Files:
 1599a2e3d7d33a2f58270a04dc64b618 5098504 web optional horde3_3.1.1-1ubuntu0.1_all.deb
 e0b03e7e0f3ebcb395887abcf36d4e5e 1923348 raw-translations - horde3_3.1.1-1ubuntu0.1_i386_translations.tar.gz
 fe385027f1d234b8df72cc25fa14b97f 739 web optional horde3_3.1.1-1ubuntu0.1.dsc
 02ff74b53960dedab862da10537f28d2 9091 web optional horde3_3.1.1-1ubuntu0.1.diff.gz




