- Committer: Bazaar Package Importer
- Author(s): Emanuele Gentili
- Date: 2008-03-27 14:03:40 UTC
- Revision ID: james.westby@ubuntu.com-20080327140340-c9by7b1bgjrnugw6
- Tags: 3.1.4-1ubuntu0.1
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute arbitrary
files via ".." sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows
an attacker to read and execute arbitrary local files via crafted
path sequences.
* References
+ http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1284
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470640
+ http://www.debian.org/security/2008/dsa-1519