Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jan 2014 10:10:19 +0000
From: Pedro Ribeiro <pedrib@...il.com>
To: oss-security@...ts.openwall.com
Cc: Jan Schneider <jan@...de.org>, Salvatore Bonaccorso <carnil@...ian.org>, 
	Seth Arnold <seth.arnold@...onical.com>, security@...ian.org, security@...ntu.com, 
	security@...de.org
Subject: Remote code execution in horde < 5.1.1

Hi,

There is a remote code execution bug in horde affecting all versions from
at least horde 3.1.x to 5.1.1.
This has been fixed in commit
https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
Also check changelog
https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215

Can you please assign a CVE for this issue?

Thanks in advance.

PS: while I discovered this bug independently reviewing horde3 code, the
full credit should go to the horde maintainers as they discovered and fixed
it first on horde5.

Regards
Pedro

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ