[pkg-horde] Bug#803641: Bug#803641: Bug#803641: php-horde: Multiple CSRF Vulnerabilities
Philip Frei
pjf at gmx.de
Mon Nov 2 18:55:57 UTC 2015
On Mon, 2 Nov 2015 08:11:54 +0100 Mathieu Parent
<math.parent at gmail.com> wrote:
> Note that the Horde team doesn't provide CVEs, I've asked for it at:
> http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html
This[1] is how the Horde team handles security bugs in the
changelog:
"For security issues, we don't make it obvious that it's a security
issue being fixed when committing since this is publicly view-able
before the release goes out, which leaves existing installations more
vulnerable.
If there is an available CVE number, we do post that in the CHANGES
file though."
[1]
http://lists.horde.org/archives/horde/Week-of-Mon-20151102/054962.html
regard, Philip
More information about the pkg-horde-hackers
mailing list