[pkg-horde] Bug#660077: horde3: Remote execution backdoor after server hack

Mathieu Parent math.parent at gmail.com
Thu Feb 16 09:03:41 UTC 2012

Version: 3.3.12+debian0-2

Le 16 février 2012 09:47, Rainer Dorsch <rdorsch at web.de> a écrit :
> Package: horde3
> Version: 3_3.3.12+debian0-2
> Severity: grave
> Tags: security
> Justification: user security hole
> Dear Maintainer,
> a horde3 security issue is described here, which I would like to bring
> to your attention
>  http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
> The version number of the compromised code matches what is in wheezy and sid
> rd at blackbox:~$ apt-cache policy horde3
> horde3:
>  Installiert: (keine)
>  Kandidat:    3.3.12+debian0-2
>  Versionstabelle:
>     3.3.12+debian0-2 0
>        500 http://ftp-stud.fht-esslingen.de/debian/ wheezy/main i386 Packages
>        300 http://ftp-stud.fht-esslingen.de/debian/ sid/main i386 Packages
> rd at blackbox:~$
> I know that is not the only prerequisite to be exposed to the security
> issue, but I think even if not affected, closing this bug report and
> documenting your assessment this way is the right way to deal with
> this issue.

What makes you think that? 3.3.12+debian0-2 was uploaded exactly for this.

I'm closing this bug as it IS solved in 3.3.12+debian0-2 0. See

Mathieu Parent

More information about the pkg-horde-hackers mailing list