*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: turba2 References: DSA-1507-1 (http://www.debian.org/security/2008/dsa-1507) Quoting: "Peter Paul Elfferich discovered that turba2, a contact management component for horde framework did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records." ** Affects: turba2 (Ubuntu) Importance: Undecided Status: New ** Affects: turba2 (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0807 ** Bug watch added: Debian Bug tracker #464058 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058 ** Also affects: turba2 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058 Importance: Unknown Status: Unknown -- [turba2] [CVE-2008-0807] programming error in permission testing https://bugs.launchpad.net/bugs/195695 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
