[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Thu, 12 Mar 2009 11:19:18 +0100
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...re.org>
Subject: Re: CVE request - horde, imp
Mitre was not in CC I guess the request got lost.
Tomas Hoger wrote:
> Hi!
>
> New versions of horde and imp fix few security issues:
>
> Horde 3.2.4 and 3.3.3:
> * SECURITY: Fix unescaped output in the tag cloud block
> * SECURITY: Fix unvalidated Horde_Image driver name
>
> http://lists.horde.org/archives/announce/2009/000483.html
> http://lists.horde.org/archives/announce/2009/000482.html
> http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.413.2.3&r2=1.515.2.413.2.5&ty=h
>
> Patches:
> http://cvs.horde.org/diff.php/horde/services/portal/cloud_search.php?r1=1.1.2.2&r2=1.1.2.2.4.1
> http://cvs.horde.org/diff.php/framework/Image/Image.php?r1=1.39.10.17&r2=1.39.10.17.4.1
>
>
> Further details:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513265
>
>
> IMP 4.2.2 and 4.3.3:
> http://lists.horde.org/archives/announce/2009/000484.html
> http://lists.horde.org/archives/announce/2009/000485.html
> http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.699.2.301.2.1&r2=1.699.2.301.2.4&ty=h
>
> Patches:
> http://cvs.horde.org/diff.php/imp/pgp.php?r1=2.79.6.15&r2=2.79.6.15.2.1
> http://cvs.horde.org/diff.php/imp/smime.php?r1=2.48.4.12&r2=2.48.4.12.4.1
> http://cvs.horde.org/diff.php/imp/message.php?r1=2.560.4.56&r2=2.560.4.56.4.1
>
> Debian bug:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513266
>
>
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ