[pkg-horde] Bug#492578: Fixed horde3 packages

Nico Golde nion at debian.org
Sun Aug 17 11:36:24 UTC 2008


Hi Gregory,
* Gregory Colpart <reg at evolix.fr> [2008-08-17 13:20]:
> The package horde3 has a vulnerability (See CVE-2008-3330 and
> #492578).
> 
> I prepared fixed package for etch version (source package and
> debdiff):
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch4.dsc
> http://gcolpart.evolix.net/debian/horde3/horde3_3.1.3-4etch3_3.1.3-4etch4.diff

Looks good to me. Thanks for the work. Feel free to upload 
this to security-master so someone from the stable team can 
release it.

[...] 
> For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch4.
> 
> The unstable distribution (sid) is not affected.

This is wrong, it is fixed in 3.2.1+debian0-1. Not affected 
is only used if the package in Debian was never affected 
because of a specific reason, like for example patched code. 
If a vulnerable version was never in unstable we still 
include version numbers for the tracker.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-horde-hackers/attachments/20080817/3e56c555/attachment-0001.pgp 


More information about the pkg-horde-hackers mailing list