Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
Hi! Am 18.07.2010 01:18, schrieb Gregory Colpart: Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Is there a specific reason, why this bug is open, if the problem doesn't exist? I was hoping a confirmation of my analysis I just looked at the code, and it seems to me, you are right: Neither horde3 3.3.8+debian0-1 (sid/squeeze) nor horde3 3.2.2+debian0-2+lenny2 (lenny) are affected. Best regards, Alexander -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
Hi, On Thu, Jul 15, 2010 at 02:51:07PM +0200, Alexander Reichle-Schmehl wrote: * Gregory Colpart r...@evolix.fr [100622 01:48]: [..] Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Is there a specific reason, why this bug is open, if the problem doesn't exist? I was hoping a confirmation of my analysis. But from my point of view, bug should be closed. Okay, there is still: * Moritz Muehlenhoff j...@debian.org [100609 19:05]: [..] There's already an ITP for xinha (Bug 479708) and since four packages currently in the archive use xinha (openacs, Horde, serendipity and dotlrn) it would be nice if we could migrate to a single package for Squeeze. But a the package doesn't seem to have made much progress recently, what about a: retitle 585165 Please use system xinha instead of own copy severity 585165 important block 585165 bye 479708 Ok. I do that. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
Hi! * Gregory Colpart r...@evolix.fr [100622 01:48]: [..] Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Is there a specific reason, why this bug is open, if the problem doesn't exist? Okay, there is still: * Moritz Muehlenhoff j...@debian.org [100609 19:05]: [..] There's already an ITP for xinha (Bug 479708) and since four packages currently in the archive use xinha (openacs, Horde, serendipity and dotlrn) it would be nice if we could migrate to a single package for Squeeze. But a the package doesn't seem to have made much progress recently, what about a: retitle 585165 Please use system xinha instead of own copy severity 585165 important block 585165 bye 479708 Best Regards, Alexander -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
On Tue, Jun 22, 2010 at 01:48:00AM +0200, Gregory Colpart wrote: Hi, On Wed, Jun 09, 2010 at 07:05:51PM +0200, Moritz Muehlenhoff wrote: Horde includes a copy of Xinha, for which the following security issue was reported: http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml http://xinha.webfactional.com/ticket/1518 Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Ok, added to the Security Tracker. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#585165: [pkg-horde] Bug#585165: CVE-2010-1916: Security issue in Xinha
Hi, On Wed, Jun 09, 2010 at 07:05:51PM +0200, Moritz Muehlenhoff wrote: Horde includes a copy of Xinha, for which the following security issue was reported: http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.h+tml http://xinha.webfactional.com/ticket/1518 Please check if your code copy is affected and update the internal copy. I think code copy of xinha in Horde is not affected because there is no PHP code from Xinha on it. Majority of Xinha plugins are not present. Regards, -- Gregory Colpart r...@evolix.fr GnuPG:1024D/C1027A0E Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org