[pkg-horde] Bug#547318: Bug#547318: horde3: CVE-2009-3236 possibility to overwrite arbitrary files with the permissions of the webserver

Nico Golde nion at debian.org
Tue Sep 22 23:51:25 UTC 2009


Hi,
* Gregory Colpart <reg at evolix.fr> [2009-09-23 00:58]:
> On Mon, Sep 21, 2009 at 12:43:51PM +0200, Nico Golde wrote:
> > > Now I'm testing package and preparing upload for sid.
> > 
> > Are you also working on etch? That would be nice, I think 
> > this deserves a DSA.
> 
> Yes and I confirm the vulnerability for etch.
> For old-security, patch is pushed:
> http://git.debian.org/?p=pkg-horde/horde3.git;a=commitdiff;h=0a71866537d0bd896fda156ba83be746483714a4
> 
> Now, I'm waiting upstream advice before building/uploading.

Ok great. So far the diff looks good to me. Feel free to 
upload to security master (and additionally you might drop 
me a mail so I don't miss it). Thanks for your work!

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.