Date: Tue, 28 Jan 2014 10:10:19 +0000 From: Pedro Ribeiro <pedrib@...il.com> To: oss-security@...ts.openwall.com Cc: Jan Schneider <jan@...de.org>, Salvatore Bonaccorso <carnil@...ian.org>, Seth Arnold <seth.arnold@...onical.com>, security@...ian.org, security@...ntu.com, security@...de.org Subject: Remote code execution in horde < 5.1.1 Hi, There is a remote code execution bug in horde affecting all versions from at least horde 3.1.x to 5.1.1. This has been fixed in commit https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3 Also check changelog https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215 Can you please assign a CVE for this issue? Thanks in advance. PS: while I discovered this bug independently reviewing horde3 code, the full credit should go to the horde maintainers as they discovered and fixed it first on horde5. Regards Pedro
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ