Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jan 2014 15:20:06 -0500 (EST)
From: cve-assign@...re.org
To: pedrib@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, jan@...de.org,
        carnil@...ian.org, seth.arnold@...onical.com, security@...ian.org,
        security@...ntu.com, security@...de.org
Subject: Re: Remote code execution in horde < 5.1.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> There is a remote code execution bug in horde affecting all versions from
> at least horde 3.1.x to 5.1.1.
> This has been fixed in commit
> https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
> Also check changelog
> https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215

Use CVE-2014-1691.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS6BBOAAoJEKllVAevmvmsxC0H/3N7rzO2EaPMilm2rVygcZe/
CEfkLhuu/85I5/4MZUkFE4dXkd5pn5pqFT5t4IgCxHGsoVK2q4sdHXGt1bLcPYjR
6V9EvwmI7X/HKeC6Ic3nomPSwiw+0FSuc7ofW0Yp/BbRmc5nLoNZiUhpGXv3A1wF
IpEH7J5o9/gmRQilnA2pl/fnBzDdRrdFjM6lKr30ntTlguRAVVRUBpi1uKNwK3fz
D1doE4/sixCmaF6qfT5VSJhnX1jOOz4bnpR2b8S5H0LSghiahCchTKVCtEiv/uAL
snVOmJhVEAjYZ4mrk8410i6nTd0vri8QCe4qsR5E6zQEsKzazDBuTM1AZc533sE=
=+xzP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ