oss-sec mailing list archives
Re: CVE Request -- Horde 3.3.5
From: Alex Legler <a3li () gentoo org>
Date: Tue, 15 Sep 2009 13:03:36 +0200
On Tue, 15 Sep 2009 12:39:45 +0200, Jan Lieskovsky <jlieskov () redhat com> wrote:
> Hello Steve, vendors,
>
> three security issues have been addressed within latest upstream Horde version (3.3.5).

FYI: These issues also affect the Horde Groupware Edition and Horde Groupware Webmail Edition. Secunia has a dedicated advisory, SA369729 [1], for these. It mentions that the two editions are only affected by the two XSS issues. This is in accordance with upstream's release announcements.

However, the 1.2.4 release of both editions seems to be missing in that advisory; both are vulnerable to all three issues, including the file overwrite, according to the release announcements [2, 3].

Alex

[1] http://secunia.com/advisories/36729/
[2] http://marc.info/?l=horde-announce&m=125294558611682&w=2
[3] http://marc.info/?l=horde-announce&m=125295852706029&w=2

Current thread:
- CVE Request -- Horde 3.3.5 Jan Lieskovsky (Sep 15)
- Re: CVE Request -- Horde 3.3.5 Alex Legler (Sep 15)
- Re: CVE Request -- Horde 3.3.5 Steven M. Christey (Sep 16)