Package: horde3
Severity: grave
Tags: security
Justification: user security hole

| Horde Application Framework 3.0.9 allows remote attackers to read arbitrary
| files via a null character in the url parameter in services/go.php, which
| bypasses a sanity check.

Please see http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html for details.

This is CVE-2006-1260, please mention it in the changelog when fixing it.

Could you check whether Horde 3.0.4 and 2.2.8 from stable are affected?

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

