Accepted: horde3, horde3, horde3_3.1.4-1ubuntu0.1_i386_translations.tar.gz 3.1.4-1ubuntu0.1 (source, i386, raw-translations)

[Ubuntu Installer]

Accepted:
 OK: horde3_3.1.4.orig.tar.gz
 OK: horde3_3.1.4-1ubuntu0.1.diff.gz
 OK: horde3_3.1.4-1ubuntu0.1.dsc
     -> Component: universe Section: web
 OK: horde3_3.1.4-1ubuntu0.1_all.deb
 OK: horde3_3.1.4-1ubuntu0.1_i386_translations.tar.gz

Format: 1.7
Date: Thu, 27 Mar 2008 14:03:40 +0100
Source: horde3
Binary: horde3
Architecture: i386_translations all source
Version: 3.1.4-1ubuntu0.1
Distribution: gutsy-security
Urgency: low
Maintainer: Horde Maintainers <pkg-horde-hackers at lists.alioth.debian.org>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
 horde3     - horde web application framework
Changes:
 horde3 (3.1.4-1ubuntu0.1) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #203456)
    + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
      and Groupware Webmail Edition before 1.0.6, when running with certain
      configurations, allows remote authenticated users to read and execute arbitrary
      files via ".." sequences and a null byte in the theme name.
      Fix directory traversal vulnerability in Registry.php which allows
      an attacker to read and execute arbitrary local files via crafted
      path sequences.
 .
   * References
    + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
    + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
    + http://www.debian.org/security/2008/dsa-1519
Files:
 f3acdbc8903aa560bac6bdfefb3b28cd 5299618 web optional horde3_3.1.4-1ubuntu0.1_all.deb
 13674d1041cc5e5fe247ffbd5b955a34 1972556 raw-translations - horde3_3.1.4-1ubuntu0.1_i386_translations.tar.gz
 05be60ebde769ff7cb8c5a51c80c8429 732 web optional horde3_3.1.4-1ubuntu0.1.dsc
 7c24593e59659faaacebb96bcf5e38c7 11452 web optional horde3_3.1.4-1ubuntu0.1.diff.gz
Launchpad-Bugs-Fixed: 203456