[pkg-horde] Bug#659392: Some information

micah anderson micah at riseup.net
Wed Feb 15 00:22:29 UTC 2012

I've been trying to figure out if this issue affects stable.

The issues point to this openwall post:

which has actual git commits for things.

CVE-2012-0791 has a simple changeset:


it touches two files: 

neither of these files is in horde3 or imp4 that is in Squeeze.

For the other issue CVE-2012-0909, that seems to affect Squeeze's IMP,
and a changeset between version 4.3.10 and 4.3.11 was published here:

Squeeze has 4.3.7 - I've looked at the changeset above with a co-worker
and it does not look too hard to port to the debian version. We'll do so
in the next couple of days if nobody else does first.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-horde-hackers/attachments/20120214/794b592d/attachment.pgp>

More information about the pkg-horde-hackers mailing list