Hi Gregory, * Gregory Colpart <[EMAIL PROTECTED]> [2008-07-27 16:42]: > On Sun, Jul 27, 2008 at 03:31:37PM +0200, Nico Golde wrote: > > Which version did fix this? > > 3.2.1+debian0-1 fixed it.
Thanks > > I can't see an old CVE id describing this problem, is a new CVE > > id needed for this one? > > There is no CVE id for it. I'm not sure Debian needs a new CVE id > because upstream said only Horde 3.2 and Turba 2.2 are affected > (this versions are *not* in Debian). But they were in the archive and other vendors might still have them in their archive. I also added 2.2.1-1 as the fixed version in the security tracker and requested a CVE id. Cheers Nico P.S. Please mention such fixes as security fixes in the changelog next time so we can get them easier on our radars. -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpfuXFnZpO4r.pgp
Description: PGP signature
