[pkg-horde] Bug#659392: Some information
micah anderson
micah at riseup.net
Wed Feb 15 18:37:19 UTC 2012
On Tue, 14 Feb 2012 19:22:29 -0500, micah anderson <micah at riseup.net> wrote:
> CVE-2012-0791 has a simple changeset:
Sorry, I switched these CVE issues, this one is actually CVE-2012-0909
> https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25
>
> it touches two files:
> framework/Form/lib/Horde/Form/Type.php
> framework/Form/package.xml
>
> neither of these files is in horde3 or imp4 that is in Squeeze.
>
> For the other issue CVE-2012-0909, that seems to affect Squeeze's IMP,
this one is actually CVE-2012-0791.
> and a changeset between version 4.3.10 and 4.3.11 was published here:
> http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.3.10-h3-4.3.11.gz
>
> Squeeze has 4.3.7 - I've looked at the changeset above with a co-worker
> and it does not look too hard to port to the debian version. We'll do so
> in the next couple of days if nobody else does first.
have a patch, testing it now.
More information about the pkg-horde-hackers
mailing list