Accepted: horde3, horde3, horde3_3.1.3-4ubuntu0.1_i386_translations.tar.gz 3.1.3-4ubuntu0.1 (source, i386, raw-translations)

[Ubuntu Installer]

Accepted:
 OK: horde3_3.1.3.orig.tar.gz
 OK: horde3_3.1.3-4ubuntu0.1.diff.gz
 OK: horde3_3.1.3-4ubuntu0.1.dsc
     -> Component: universe Section: web
 OK: horde3_3.1.3-4ubuntu0.1_all.deb
 OK: horde3_3.1.3-4ubuntu0.1_i386_translations.tar.gz

Format: 1.7
Date: Thu, 27 Mar 2008 14:57:51 +0100
Source: horde3
Binary: horde3
Architecture: i386_translations all source
Version: 3.1.3-4ubuntu0.1
Distribution: feisty-security
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers at lists.alioth.debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
 horde3     - horde web application framework
Changes:
 horde3 (3.1.3-4ubuntu0.1) feisty-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #203456)
    + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
      and Groupware Webmail Edition before 1.0.6, when running with certain
      configurations, allows remote authenticated users to read and execute arbitrary
      files via ".." sequences and a null byte in the theme name.
      Fix directory traversal vulnerability in Registry.php which allows
      an attacker to read and execute arbitrary local files via crafted
      path sequences.
 .
   * References
    + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
    + http://www.debian.org/security/2008/dsa-1519
Files:
 a2c569e8a1dbea1cd5a28352547c969c 5261044 web optional horde3_3.1.3-4ubuntu0.1_all.deb
 23a0abb2d5def292fd3f889c20182ad3 1961347 raw-translations - horde3_3.1.3-4ubuntu0.1_i386_translations.tar.gz
 82cf84d05a416566e776e5e0b11cf00c 690 web optional horde3_3.1.3-4ubuntu0.1.dsc
 fb0447a79b7f792140fd0d231cec9d5d 10880 web optional horde3_3.1.3-4ubuntu0.1.diff.gz
Launchpad-Bugs-Fixed: 203456