[Secure-testing-team] Bug#660077: horde3: Remote execution backdoor after server hack
Rainer Dorsch
rdorsch at web.de
Thu Feb 16 08:47:59 UTC 2012
Package: horde3
Version: 3_3.3.12+debian0-2
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
A horde3 security issue is described here, which I would like to bring
to your attention:
http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
The version number of the compromised code matches what is in wheezy and sid:
rd@blackbox:~$ apt-cache policy horde3
horde3:
  Installiert: (keine)
  Kandidat: 3.3.12+debian0-2
  Versionstabelle:
     3.3.12+debian0-2 0
        500 http://ftp-stud.fht-esslingen.de/debian/ wheezy/main i386 Packages
        300 http://ftp-stud.fht-esslingen.de/debian/ sid/main i386 Packages
rd@blackbox:~$
I know that is not the only prerequisite to be exposed to the security
issue, but I think even if not affected, closing this bug report and
documenting your assessment this way is the right way to deal with
this issue.
Many thanks,
Rainer
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.1.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash