POC:
http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
** Attachment removed: gutsy_horde3_3.1.4-1ubuntu1.debdiff
http://launchpadlibrarian.net/12920558/gutsy_horde3_3.1.4-1ubuntu1.debdiff
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because you are a member of Ubuntu
** Changed in: horde3 (Ubuntu Gutsy)
Importance: Undecided = High
Assignee: (unassigned) = Emanuele Gentili (emgent)
Status: New = In Progress
** Attachment added: gutsy_horde3_3.1.4-1ubuntu1.debdiff
http://launchpadlibrarian.net/12920558/gutsy_horde3_3.1.4-1ubuntu1.debdiff
--
Tested on virtual server, patch work fine.
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Attachment added: gutsy_horde3_3.1.4-1ubuntu0.1.debdiff
http://launchpadlibrarian.net/12920791/gutsy_horde3_3.1.4-1ubuntu0.1.debdiff
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because you are a member of
** Attachment added: feisty_horde3_3.1.3-4ubuntu0.1.debdiff
http://launchpadlibrarian.net/12921013/feisty_horde3_3.1.3-4ubuntu0.1.debdiff
** Changed in: horde3 (Ubuntu Feisty)
Importance: Undecided = High
Assignee: (unassigned) = Emanuele Gentili (emgent)
Status: New = In
** Attachment added: edgy_horde3_3.1.3-1ubuntu0.1.debdiff
http://launchpadlibrarian.net/12921547/edgy_horde3_3.1.3-1ubuntu0.1.debdiff
** Changed in: horde3 (Ubuntu Edgy)
Importance: Undecided = High
Assignee: (unassigned) = Emanuele Gentili (emgent)
Status: New = In Progress
** Attachment added: dapper_horde3_3.1.1-1ubuntu0.1.debdiff
http://launchpadlibrarian.net/12921654/dapper_horde3_3.1.1-1ubuntu0.1.debdiff
** Changed in: horde3 (Ubuntu Dapper)
Importance: Undecided = High
Assignee: (unassigned) = Emanuele Gentili (emgent)
Status: New = In
** Changed in: horde3 (Ubuntu Dapper)
Status: In Progress = Fix Committed
** Changed in: horde3 (Ubuntu Edgy)
Status: In Progress = Fix Committed
** Changed in: horde3 (Ubuntu Feisty)
Status: In Progress = Fix Committed
** Changed in: horde3 (Ubuntu Gutsy)
Status: In
This bug was fixed in the package horde3 - 3.1.4-1ubuntu0.1
---
horde3 (3.1.4-1ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6,
This bug was fixed in the package horde3 - 3.1.3-4ubuntu0.1
---
horde3 (3.1.3-4ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: (LP: #203456)
+ Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5,
and Groupware Webmail Edition before 1.0.6,
** Changed in: horde3 (Ubuntu Edgy)
Status: Fix Committed = Fix Released
** Changed in: horde3 (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because
Fixed in 3.1.7-1, which I'm requesting a sync for.
** Changed in: horde3 (Ubuntu Hardy)
Importance: Undecided = High
Assignee: (unassigned) = William Grant (fujitsu)
Status: New = In Progress
--
[horde3] [CVE-2008-1284] information disclosure
This bug was fixed in the package horde3 - 3.1.7-1
---
horde3 (3.1.7-1) unstable; urgency=high
* New upstream release.
* This new version has security fix: fix arbitrary file inclusion through
abuse of the theme preference (see CVE-2008-1284 for more informations).
** Changed in: horde3 (Debian)
Status: Unknown = Fix Released
--
[horde3] [CVE-2008-1284] information disclosure
https://bugs.launchpad.net/bugs/203456
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
15 matches
Mail list logo