[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Jan 2009 09:21:02 +0100
From: Tomas Hoger <thoger@...hat.com>
To: OSS Security <oss-security@...ts.openwall.com>
Subject: CVE request - horde, imp
Hi!
New versions of horde and imp fix few security issues:
Horde 3.2.4 and 3.3.3:
* SECURITY: Fix unescaped output in the tag cloud block
* SECURITY: Fix unvalidated Horde_Image driver name
http://lists.horde.org/archives/announce/2009/000483.html
http://lists.horde.org/archives/announce/2009/000482.html
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.413.2.3&r2=1.515.2.413.2.5&ty=h
Patches:
http://cvs.horde.org/diff.php/horde/services/portal/cloud_search.php?r1=1.1.2.2&r2=1.1.2.2.4.1
http://cvs.horde.org/diff.php/framework/Image/Image.php?r1=1.39.10.17&r2=1.39.10.17.4.1
Further details:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513265
IMP 4.2.2 and 4.3.3:
http://lists.horde.org/archives/announce/2009/000484.html
http://lists.horde.org/archives/announce/2009/000485.html
http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1&r2=1.699.2.301.2.4&ty=h
Patches:
http://cvs.horde.org/diff.php/imp/pgp.php?r1=2.79.6.15&r2=2.79.6.15.2.1
http://cvs.horde.org/diff.php/imp/smime.php?r1=2.48.4.12&r2=2.48.4.12.4.1
http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56&r2=2.560.4.56.4.1
Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513266
--
Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
