[pkg-horde] Bug#361967: Horde3 Vulnerability: CVE-2006-1491 remote arbitrary command execution

Lionel Elie Mamane lionel at mamane.lu
Tue Apr 11 15:15:02 UTC 2006


tags  361967 +etch sarge security
thanks

On Tue, Apr 11, 2006 at 10:46:07AM -0300, Pedro Müller wrote:

>       See this:
>         http://www.securityfocus.com/bid/17292/info

>         Please, fix this or update to 3.0.10.

An update has been submitted to the security team; I suppose they are
going to release a security advisory and put the said update on the
archive on security.debian.org anytime now.

If you wish to use the update we prepared before it is approved by the
security team, you can take it from
http://people.debian.org/~lmamane/horde/ . (That update is for Debian
stable 3.1 sarge. Debian unstable sid is already fixed. Debian testing
etch (the "beta version" of Debian 3.2) is going to get the update
automatically in a few days. If you are running Debian testing etch,
you can install the horde3 / imp4 / turba2 / ... packages from
unstable sid.)

The "secure testing" team might want to consider pushing turba2 2.1-1
to etch prematurely, as it is blocking horde3 3.1.1-1 (the version
that fixes this) from migrating to testing.


> This is critical!

Yes, it is.

-- 
Lionel



