-
Committer:
Bazaar Package Importer
-
Author(s):
Gregory Colpart
-
Date:
2009-01-29 01:15:51 UTC
-
mfrom:
(8.1.2 lenny)
-
Revision ID:
james.westby@ubuntu.com-20090129011551-zwxg6klu2zli3dv8
Tags: 3.2.2+debian0-2
* Add informations in README.Debian about test.php files: these files should
not be "allow from all", because test.php includes private informations and
could be unsafe (for example see CVE-2008-4182).
* Include a patch from Horde upstream to fix an IE-only hole in XSS filter
(See CVE-2008-5917 for more information). (Closes: #512592)
* Include patches from Horde upstream to fix a file inclusion issue in
Horde_Image driver name (Image/Image.php) and an unescaped output in
the tag cloud block (services/portal/cloud_search.php). (Closes: #513265)