[pkg-horde] Bug#634962: horde3: Problem with latest security fix for lenny - Required secret is invalid
Sebastian Wienforth
debian at zugangsserver.de
Thu Jul 21 09:56:42 UTC 2011
Package: horde3
Version: 3.2.2+debian0-2+lenny3
Severity: important
The latest security fix introduced a problem. For example: if you go to "Options -> Global Options -> Personal Information" you get a notice in the WebInterface saying: "Required secret is invalid - potentially malicious request". This only seems to be annoying at first (it is still possible to create new identities/change them), but it is impossible now to delete an identity.
There are possibly more problems in the Options pages - I have not done any further testing yet.
-- System Information:
Debian Release: 5.0.8
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-xen-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages horde3 depends on:
ii apache2 2.2.9-10+lenny9 Apache HTTP Server metapackage
ii apache2-mpm-prefo 2.2.9-10+lenny9 Apache HTTP Server - traditional n
ii libapache2-mod-ph 5.2.6.dfsg.1-1+lenny13 server-side, HTML-embedded scripti
ii libjs-scriptaculo 1.8.1-5 JavaScript library for dynamic web
ii php-log 1.10.0-1 Log module for PEAR
ii php-mail 1.1.14-1+lenny1 PHP PEAR module for sending email
ii php-mail-mime 1.5.2-0.1 PHP PEAR module for creating MIME
ii php5-gd 5.2.6.dfsg.1-1+lenny13 GD module for php5
ii php5-mcrypt 5.2.6.dfsg.1-1+lenny13 MCrypt module for php5
Versions of packages horde3 recommends:
ii fckeditor 1:2.6.2-1lenny1 rich text format javascript web ed
ii locales 2.7-18lenny7 GNU C Library: National Language (
ii logrotate 3.7.1-5 Log rotation utility
ii php-date 1.4.7-1 PHP PEAR module for date and time
ii php-db 1.7.13-2 PHP PEAR Database Abstraction Laye
ii php-file 1.3.0-1 PHP Pear modules for common file a
ii php-services-weat 1.4.2-2 acts as an interface to various on
ii php5-cli 5.2.6.dfsg.1-1+lenny13 command-line interpreter for the p
ii php5-mysql 5.2.6.dfsg.1-1+lenny13 MySQL module for php5
ii tinymce2 2.1.3-1 platform independent web based Jav
Versions of packages horde3 suggests:
pn chora2 <none> (no description available)
pn enscript <none> (no description available)
ii gettext 0.17-4 GNU Internationalization utilities
pn gollem <none> (no description available)
ii imp4 4.2-4lenny3 webmail component for horde framew
pn kronolith2 <none> (no description available)
ii libgeoip1 1.4.4.dfsg-3+lenny1 A non-DNS IP-to-country resolver l
pn libwpd-tools <none> (no description available)
pn mnemo2 <none> (no description available)
pn php-net-imap <none> (no description available)
pn php5-auth-pam <none> (no description available)
pn php5-mhash <none> (no description available)
pn ppthtml <none> (no description available)
pn rpm <none> (no description available)
pn source-highlight <none> (no description available)
ii turba2 2.2.1-2 contact management component for h
pn unrtf <none> (no description available)
pn webcpp <none> (no description available)
pn wv <none> (no description available)
pn xlhtml <none> (no description available)
-- no debconf information
More information about the pkg-horde-hackers
mailing list