Hello,

The package horde3 has a vulnerability (see CVE-2008-1284, bug #470640 and changelogs of fixed sarge/etch/sid packages).

I prepared fixed packages:

- Sarge version (source package and debdiff):
  http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge7.dsc
  http://gcolpart.evolix.net/debian/horde3/horde3_3.0.4-4sarge6_3.0.4-4sarge7.diff

- Etch version (source package and debdiff):
  http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3.dsc
  http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch2_3.1.3-4etch3.diff

- Sid version (source package and debdiff):
  http://gcolpart.evolix.net/debian/horde3/horde3_3.1.7-1.dsc
  http://gcolpart.evolix.net/debian/horde3/horde3_3.1.6-1_3.1.7-1.diff

[Note: I'm waiting for sponsoring of the sid package]

Information for the advisory:

8<----------------------------------
horde3 -- several vulnerabilities

Date Reported: ?? Mar 2008
Affected Packages: horde3
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2008-1284

More information:

It was discovered that the Horde web application framework permits arbitrary file inclusion through abuse of the theme preference (CVE-2008-1284).

For the old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7.

For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch3.

For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1.

We recommend that you upgrade your horde3 package.
8<----------------------------------

Regards,
--
Gregory Colpart <[EMAIL PROTECTED]> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/