Accepted: horde3, horde3, horde3_3.1.3-1ubuntu0.1_i386_translations.tar.gz 3.1.3-1ubuntu0.1 (source, i386, raw-translations)

[Ubuntu Installer]

Accepted:
 OK: horde3_3.1.3.orig.tar.gz
 OK: horde3_3.1.3-1ubuntu0.1.diff.gz
 OK: horde3_3.1.3-1ubuntu0.1.dsc
     -> Component: universe Section: web
 OK: horde3_3.1.3-1ubuntu0.1_all.deb
 OK: horde3_3.1.3-1ubuntu0.1_i386_translations.tar.gz

Format: 1.7
Date: Thu, 27 Mar 2008 15:58:32 +0100
Source: horde3
Binary: horde3
Architecture: i386_translations all source
Version: 3.1.3-1ubuntu0.1
Distribution: edgy-security
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers at lists.alioth.debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
 horde3     - horde web application framework
Changes:
 horde3 (3.1.3-1ubuntu0.1) edgy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #203456)
    + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
      and Groupware Webmail Edition before 1.0.6, when running with certain
      configurations, allows remote authenticated users to read and execute arbitrary
      files via ".." sequences and a null byte in the theme name.
      Fix directory traversal vulnerability in Registry.php which allows
      an attacker to read and execute arbitrary local files via crafted
      path sequences.
 .
   * References
    + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
    + http://www.debian.org/security/2008/dsa-1519
Files:
 5b1f80bea243c2df7b0f7562d5f43cf5 5260930 web optional horde3_3.1.3-1ubuntu0.1_all.deb
 12bf8f60d27c3f8b452ee8e2d04f11c5 1961339 raw-translations - horde3_3.1.3-1ubuntu0.1_i386_translations.tar.gz
 ca98f64c4d20eafdfd5034add8e4f965 690 web optional horde3_3.1.3-1ubuntu0.1.dsc
 821453cabda84ef57a629bdee519605c 10443 web optional horde3_3.1.3-1ubuntu0.1.diff.gz