lp:ubuntu/edgy-security/horde3
- Get this branch:
- bzr branch lp:ubuntu/edgy-security/horde3
Recent revisions
- 7. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute arbitrary
files via ".." sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows
an attacker to read and execute arbitrary local files via crafted
path sequences.
* References
+ http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
+ http://www.debian.org/security/2008/dsa-1519
- 6. By Ola Lundqvist
-
* New upstream version, closes: #383416. This is a bugfix release to
correct CVE-2006-4256.
* Now suggests gettext, closes: #385457.
- 5. By Ola Lundqvist
-
The SuSE maintainer found several XSS issues in Horde. See
CVE-2006-2195 for more information. Thanks to Moritz Muehlenhoff
<email address hidden> for providing the patch.
- 4. By Lionel Elie Mamane <email address hidden>
-
[ Lionel Elie Mamane <email address hidden> ]
* New upstream version
- Close remote arbitrary command execution hole (closes: #360023)
* Really exclude {arch} directory from being installed in binary
package.
- 2. By Ola Lundqvist
-
Added conflict on horde so removing horde does not cause configuration
removal in horde3, closes: #307623.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/horde3