Hi Geoff
Is it this one?
horde3 (3.0.4-4sarge2) stable-security; urgency=high
* Applied fix for cross site scripting vulnerabilities from 3.0.7
version of horde3 (CVE-2005-3759), closes: #340323.
-- Ola Lundqvist <[EMAIL PROTECTED]> Tue, 22 Nov 2005 20:38:11 +0100
Or maybe it is not as this one was fixed in 3.0.7...
It looks like I have to do some work here to prepare this for the
security team...
Regards,
// Ola
On Tue, Feb 28, 2006 at 08:39:34AM +1100, Geoff Crompton wrote:
> Ola Lundqvist wrote:
> > On Mon, Feb 27, 2006 at 10:50:52AM +1100, Geoff Crompton wrote:
> >
> >>Package: horde3
> >>Severity: normal
> >>
> >>Looks like this is fine for etch and sid, but I'm not sure if this has been
> >>fixed for sarge.
> >>
> >>Haven't found a CVE for this, it's from SEC Consult Security Advisory
> >>20051211-0. Other horde apps are also affected, but I've not done bug
> >>reports
> >>for them.
> >
> >
> > Can you provide a link to the advisory?
> >
> > Regards,
> >
> > // Ola
>
> http://www.securityfocus.com/bid/15806 is where I originally saw it.
> They reference http://www.sec-consult.com/245.html as the original
> researchers who found the problems.
>
> Cheers
>
> --
> Geoff Crompton
> Debian System Administrator
> Strategic Data
> +61 3 9340 9000
>
--
--- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/ [EMAIL PROTECTED] Annebergsslingan 37 \
| [EMAIL PROTECTED] 654 65 KARLSTAD |
| http://www.opal.dhs.org Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
