[pkg-horde] Bug#461131: Bug#461131: CVE-2007-6018: horde3 privilege escalation
Gregory Colpart
reg at evolix.fr
Sun Jan 20 02:02:07 UTC 2008
Hi,
On Sun, Jan 20, 2008 at 01:30:37AM +0100, Nico Golde wrote:
> are you also going to fix imp4?
CVE-2007-6018 doesn't affect directly package imp4.
Security problems are in 'lib/Horde/Text/Filter/xss.php'
file which is only part of horde3 package. For more information,
you can see my patch for horde3/stable-security:
http://arch.debian.org/cgi-bin/archzoom.cgi/pkg-horde-hackers@lists.alioth.debian.org--2006/horde--etch--3--patch-4/lib/Horde/Text/Filter/xss.php.diff?diff
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
More information about the pkg-horde-hackers
mailing list