Ubuntu
horde3 package

Branches for Gutsy

Name Status Last Modified Last Commit
lp:ubuntu/gutsy/horde3 1 Development 2010-01-07 17:49:49 UTC
10. * New upstream release. * Transition ...

Author: Gregory Colpart (evolix)
Revision Date: 2007-07-16 01:40:30 UTC

* New upstream release.
* Transition to PHP5 for Recommends and Suggests fields. (Closes: #432237)
* Remove old phpapi-* from Depends: (Closes: #420644)
* Clean Depends, Recommends and Suggests fields.
* Remove exec right for XML files in debian/rules.
* Add locales in Recommends.
* Disable upstream _detect_webroot() function (unsable in Debian).
* Fix XSS vulnerability. See CVE-2007-1473 for more information.
  (Closes: #434045)
lp:ubuntu/gutsy-security/horde3 bug 1 Development 2009-07-25 14:01:17 UTC
11. * SECURITY UPDATE: (LP: #203456) + D...

Author: Emanuele Gentili
Revision Date: 2008-03-27 14:03:40 UTC

* SECURITY UPDATE: (LP: #203456)
 + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
   and Groupware Webmail Edition before 1.0.6, when running with certain
   configurations, allows remote authenticated users to read and execute arbitrary
   files via ".." sequences and a null byte in the theme name.
   Fix directory traversal vulnerability in Registry.php which allows
   an attacker to read and execute arbitrary local files via crafted
   path sequences.

* References
 + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
 + http://www.debian.org/security/2008/dsa-1519
lp:ubuntu/gutsy-updates/horde3 1 Development 2009-07-25 13:59:51 UTC
11. * SECURITY UPDATE: (LP: #203456) + D...

Author: Emanuele Gentili
Revision Date: 2008-03-27 14:03:40 UTC

* SECURITY UPDATE: (LP: #203456)
 + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
   and Groupware Webmail Edition before 1.0.6, when running with certain
   configurations, allows remote authenticated users to read and execute arbitrary
   files via ".." sequences and a null byte in the theme name.
   Fix directory traversal vulnerability in Registry.php which allows
   an attacker to read and execute arbitrary local files via crafted
   path sequences.

* References
 + http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
 + http://www.debian.org/security/2008/dsa-1519
13 of 3 results FirstPreviousNextLast