[pkg-horde] Bug#492578: Fixed horde3 packages
Gregory Colpart
reg at evolix.fr
Sun Aug 17 00:56:45 UTC 2008
Hello,
The package horde3 has a vulnerability (see CVE-2008-3330 and
#492578).
I prepared a fixed package for the etch version (source package and
debdiff):
http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch4.dsc
http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3_3.1.3-4etch4.diff
Information for the advisory:
8<----------------------------------
horde3 -- cross-site scripting vulnerability
Date Reported:
?? Aug 2008
Affected Packages:
horde3
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-3330
More information:
It was discovered that the Horde web application framework
has insufficient input sanitising in services/obrowser/index.php
(CVE-2008-3330).
For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch4.
The unstable distribution (sid) is not affected.
We recommend that you upgrade your horde3 package.
8<----------------------------------
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/