[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
POC: http://www.securityfocus.com/archive/1/archive/1/489239/100/0/threaded -- [horde3] [CVE-2008-1284] information disclosure https://bugs.launchpad.net/bugs/203456 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
** Attachment removed: gutsy_horde3_3.1.4-1ubuntu1.debdiff http://launchpadlibrarian.net/12920558/gutsy_horde3_3.1.4-1ubuntu1.debdiff -- [horde3] [CVE-2008-1284] information disclosure https://bugs.launchpad.net/bugs/203456 You received this bug notification because you are a member of Ubuntu

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
** Changed in: horde3 (Ubuntu Gutsy) Importance: Undecided = High Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = In Progress ** Attachment added: gutsy_horde3_3.1.4-1ubuntu1.debdiff http://launchpadlibrarian.net/12920558/gutsy_horde3_3.1.4-1ubuntu1.debdiff --

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
Tested on virtual server, patch work fine. -- [horde3] [CVE-2008-1284] information disclosure https://bugs.launchpad.net/bugs/203456 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
** Attachment added: gutsy_horde3_3.1.4-1ubuntu0.1.debdiff http://launchpadlibrarian.net/12920791/gutsy_horde3_3.1.4-1ubuntu0.1.debdiff -- [horde3] [CVE-2008-1284] information disclosure https://bugs.launchpad.net/bugs/203456 You received this bug notification because you are a member of

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
** Attachment added: feisty_horde3_3.1.3-4ubuntu0.1.debdiff http://launchpadlibrarian.net/12921013/feisty_horde3_3.1.3-4ubuntu0.1.debdiff ** Changed in: horde3 (Ubuntu Feisty) Importance: Undecided = High Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = In

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
** Attachment added: edgy_horde3_3.1.3-1ubuntu0.1.debdiff http://launchpadlibrarian.net/12921547/edgy_horde3_3.1.3-1ubuntu0.1.debdiff ** Changed in: horde3 (Ubuntu Edgy) Importance: Undecided = High Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = In Progress

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Emanuele Gentili
** Attachment added: dapper_horde3_3.1.1-1ubuntu0.1.debdiff http://launchpadlibrarian.net/12921654/dapper_horde3_3.1.1-1ubuntu0.1.debdiff ** Changed in: horde3 (Ubuntu Dapper) Importance: Undecided = High Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = In

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Jamie Strandboge
** Changed in: horde3 (Ubuntu Dapper) Status: In Progress = Fix Committed ** Changed in: horde3 (Ubuntu Edgy) Status: In Progress = Fix Committed ** Changed in: horde3 (Ubuntu Feisty) Status: In Progress = Fix Committed ** Changed in: horde3 (Ubuntu Gutsy) Status: In

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Launchpad Bug Tracker
This bug was fixed in the package horde3 - 3.1.4-1ubuntu0.1 --- horde3 (3.1.4-1ubuntu0.1) gutsy-security; urgency=low * SECURITY UPDATE: (LP: #203456) + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6,

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Launchpad Bug Tracker
This bug was fixed in the package horde3 - 3.1.3-4ubuntu0.1 --- horde3 (3.1.3-4ubuntu0.1) feisty-security; urgency=low * SECURITY UPDATE: (LP: #203456) + Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6,

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-27 Thread Jamie Strandboge
** Changed in: horde3 (Ubuntu Edgy) Status: Fix Committed = Fix Released ** Changed in: horde3 (Ubuntu Dapper) Status: Fix Committed = Fix Released -- [horde3] [CVE-2008-1284] information disclosure https://bugs.launchpad.net/bugs/203456 You received this bug notification because

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-26 Thread William Grant
Fixed in 3.1.7-1, which I'm requesting a sync for. ** Changed in: horde3 (Ubuntu Hardy) Importance: Undecided = High Assignee: (unassigned) = William Grant (fujitsu) Status: New = In Progress -- [horde3] [CVE-2008-1284] information disclosure

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-26 Thread Launchpad Bug Tracker
This bug was fixed in the package horde3 - 3.1.7-1 --- horde3 (3.1.7-1) unstable; urgency=high * New upstream release. * This new version has security fix: fix arbitrary file inclusion through abuse of the theme preference (see CVE-2008-1284 for more informations).

[Bug 203456] Re: [horde3] [CVE-2008-1284] information disclosure

2008-03-18 Thread Bug Watch Updater
** Changed in: horde3 (Debian) Status: Unknown = Fix Released -- [horde3] [CVE-2008-1284] information disclosure https://bugs.launchpad.net/bugs/203456 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list