[pkg-horde] Bug#660077: horde3: Remote execution backdoor after server hack
Mathieu Parent
math.parent at gmail.com
Thu Feb 16 09:03:41 UTC 2012
Version: 3.3.12+debian0-2
On 16 February 2012 09:47, Rainer Dorsch <rdorsch at web.de> wrote:
> Package: horde3
> Version: 3_3.3.12+debian0-2
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Dear Maintainer,
>
> a horde3 security issue is described here, which I would like to bring
> to your attention
>
> http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
>
> The version number of the compromised code matches what is in wheezy and sid
>
> rd at blackbox:~$ apt-cache policy horde3
> horde3:
> Installiert: (keine)
> Kandidat: 3.3.12+debian0-2
> Versionstabelle:
> 3.3.12+debian0-2 0
> 500 http://ftp-stud.fht-esslingen.de/debian/ wheezy/main i386 Packages
> 300 http://ftp-stud.fht-esslingen.de/debian/ sid/main i386 Packages
> rd at blackbox:~$
>
> I know that is not the only prerequisite to be exposed to the security
> issue, but I think even if not affected, closing this bug report and
> documenting your assessment this way is the right way to deal with
> this issue.
>
What makes you think that? 3.3.12+debian0-2 was uploaded exactly for this.
I'm closing this bug as it IS solved in 3.3.12+debian0-2 0. See
debian/patches/0008-Remove-backdoor.patch.
Regards
--
Mathieu Parent