Package: horde3 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for horde3.
CVE-2008-1284[0]: | Directory traversal vulnerability in Horde 3.1.6, Groupware before | 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with | certain configurations, allows remote authenticated users to read and | execute arbitrary files via ".." sequences and a null byte in the | theme name. Patch is on: http://ftp.horde.org/pub/horde/patches/patch-horde-3.1.6-3.1.7.gz If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpX21zb63fuO.pgp
Description: PGP signature
