[pkg-horde] Bug#659392: Some information

micah anderson micah at riseup.net
Wed Feb 15 00:22:29 UTC 2012


I've been trying to figure out if this issue affects stable.

The issues point to this openwall post:
http://www.openwall.com/lists/oss-security/2012/01/22/2

which has actual git commits for things.

CVE-2012-0791 has a simple changeset:

https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25

it touches two files: 
framework/Form/lib/Horde/Form/Type.php
framework/Form/package.xml

neither of these files is in horde3 or imp4 that is in Squeeze.

For the other issue CVE-2012-0909, that seems to affect Squeeze's IMP,
and a changeset between version 4.3.10 and 4.3.11 was published here:
http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.3.10-h3-4.3.11.gz

Squeeze has 4.3.7 - I've looked at the changeset above with a co-worker
and it does not look too hard to port to the Debian version. We'll do so
in the next couple of days if nobody else does first.

micah

