Date: Tue, 15 Sep 2009 13:03:36 +0200
From: Alex Legler <a3li@...too.org>
To: oss-security@...ts.openwall.com
Cc: jlieskov@...hat.com, "Steven M. Christey" <coley@...us.mitre.org>, vuln@...unia.com
Subject: Re: CVE Request -- Horde 3.3.5

On Tue, 15 Sep 2009 12:39:45 +0200, Jan Lieskovsky <jlieskov@...hat.com> wrote:

> Hello Steve, vendors,
>
> three security issues have been addressed within latest upstream
> Horde version (3.3.5).
>

FYI: These issues also affect the Horde Groupware Edition and Horde
Groupware Webmail Edition.

Secunia has a dedicated advisory, SA369729 [1] for these. It mentions
that the two editions are only affected by the two XSS issues. This is
in accordance with upstream's release announcements.

However, the 1.2.4 release of both editions seems to be missing in that
advisory, both are vulnerable to all three issues, including the file
overwrite, according to the release announcements [2, 3].

Alex

[1] http://secunia.com/advisories/36729/
[2] http://marc.info/?l=horde-announce&m=125294558611682&w=2
[3] http://marc.info/?l=horde-announce&m=125295852706029&w=2