[pkg-horde] Bug#470640: Fixed horde3 packages
Gregory Colpart
reg at evolix.fr
Sat Mar 15 22:52:36 UTC 2008
Hello,
The package horde3 has a vulnerability (see CVE-2008-1284, bug
#470640 and changelogs of fixed sarge/etch/sid packages).
I prepared fixed packages:
- Sarge version (source package and debdiff):
http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge7.dsc
http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge6_3.0.4-4sarge7.diff
- Etch version (source package and debdiff):
http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3.dsc
http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch2_3.1.3-4etch3.diff
- Sid version (source package and debdiff):
http://gcolpart.evolix.net/debian/horde3/horde3_3.1.7-1.dsc
http://gcolpart.evolix.net/debian/horde3/horde3_3.1.6-1_3.1.7-1.diff
[Note: I'm waiting for sponsoring for the sid package]
Information for the advisory:
8<----------------------------------
horde3 -- several vulnerabilities
Date Reported:
?? Mar 2008
Affected Packages:
horde3
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-1284
More information:
It was discovered that the Horde web application framework
permits arbitrary file inclusion through abuse of the theme
preference (CVE-2008-1284).
For the old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7.
For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch3.
For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1.
We recommend that you upgrade your horde3 package.
8<----------------------------------
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/