[pkg-horde] Bug#547318: Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver
Gregory Colpart
reg at evolix.fr
Tue Sep 22 22:29:10 UTC 2009
On Mon, Sep 21, 2009 at 12:43:51PM +0200, Nico Golde wrote:
> >
> > Now I'm testing package and preparing upload for sid.
>
> Are you also working on etch? That would be nice, I think
> this deserves a DSA.
Yes and I confirm the vulnerability for etch.
For old-security, patch is pushed:
http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=0a71866537d0bd896fda156ba83be746483714a4
Now, I'm waiting upstream advice before building/uploading.
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
More information about the pkg-horde-hackers
mailing list