Accepted: horde3, horde3, horde3_3.1.1-1ubuntu0.1_i386_translations.tar.gz 3.1.1-1ubuntu0.1 (source, i386, raw-translations)
Ubuntu Installer
archive at ubuntu.com
Thu Mar 27 16:55:21 GMT 2008
- Previous message: Accepted: ruby1.8, ruby1.8, ruby1.8, ruby1.8, ruby1.8, ruby1.8, ruby1.8 1.8.4-1ubuntu1.4 (source, amd64, hppa, i386, ia64, powerpc, sparc)
- Next message: Accepted: dspam, dspam, dspam, dspam, dspam, dspam, dspam 3.6.4-4ubuntu0.2 (source, amd64, hppa, i386, ia64, powerpc, sparc)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Accepted:
OK: horde3_3.1.1.orig.tar.gz
OK: horde3_3.1.1-1ubuntu0.1.diff.gz
OK: horde3_3.1.1-1ubuntu0.1.dsc
-> Component: universe Section: web
OK: horde3_3.1.1-1ubuntu0.1_all.deb
OK: horde3_3.1.1-1ubuntu0.1_i386_translations.tar.gz
Format: 1.7
Date: Thu, 27 Mar 2008 16:05:35 +0100
Source: horde3
Binary: horde3
Architecture: i386_translations all source
Version: 3.1.1-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers at lists.alioth.debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
horde3 - horde web application framework
Changes:
horde3 (3.1.1-1ubuntu0.1) dapper-security; urgency=low
.
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute arbitrary
files via ".." sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows
an attacker to read and execute arbitrary local files via crafted
path sequences.
.
* References
+ http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
+ http://www.debian.org/security/2008/dsa-1519
Files:
1599a2e3d7d33a2f58270a04dc64b618 5098504 web optional horde3_3.1.1-1ubuntu0.1_all.deb
e0b03e7e0f3ebcb395887abcf36d4e5e 1923348 raw-translations - horde3_3.1.1-1ubuntu0.1_i386_translations.tar.gz
fe385027f1d234b8df72cc25fa14b97f 739 web optional horde3_3.1.1-1ubuntu0.1.dsc
02ff74b53960dedab862da10537f28d2 9091 web optional horde3_3.1.1-1ubuntu0.1.diff.gz
- Previous message: Accepted: ruby1.8, ruby1.8, ruby1.8, ruby1.8, ruby1.8, ruby1.8, ruby1.8 1.8.4-1ubuntu1.4 (source, amd64, hppa, i386, ia64, powerpc, sparc)
- Next message: Accepted: dspam, dspam, dspam, dspam, dspam, dspam, dspam 3.6.4-4ubuntu0.2 (source, amd64, hppa, i386, ia64, powerpc, sparc)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dapper-changes
mailing list