lp:ubuntu/dapper-security/horde3
- Get this branch:
- bzr branch lp:ubuntu/dapper-security/horde3
Branch merges
Branch information
Recent revisions
- 5. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute arbitrary
files via ".." sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows
an attacker to read and execute arbitrary local files via crafted
path sequences.* References
+ http://ftp.horde. org/pub/ horde/patches/ patch-horde- 3.1.6-3. 1.7.gz
+ http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= 2008-1284
+ http://bugs.debian. org/cgi- bin/bugreport. cgi?bug= 470640
+ http://www.debian. org/security/ 2008/dsa- 1519 - 4. By Lionel Elie Mamane <email address hidden>
-
[ Lionel Elie Mamane <email address hidden> ]
* New upstream version
- Close remote arbitrary command execution hole (closes: #360023)
* Really exclude {arch} directory from being installed in binary
package. - 2. By Ola Lundqvist
-
Added conflict on horde so removing horde do not cause configuration
removal in horde3, closes: #307623.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/horde3