Hi, attached is a patch for an NMU fixing this issue. It will also be archived at: http://people.debian.org/~nion/nmu-diff/horde3-3.1.6-1_3.1.6-1.1.patch
Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u horde3-3.1.6/debian/changelog horde3-3.1.6/debian/changelog
--- horde3-3.1.6/debian/changelog
+++ horde3-3.1.6/debian/changelog
@@ -1,3 +1,12 @@
+horde3 (3.1.6-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix directory traversal vulnerability in Registry.php which allows
+ an attacker to read and execute arbitrary local files via crafted
+ path sequences (CVE-2008-1284; Closes: #470640).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Sat, 15 Mar 2008 02:32:47 +0100
+
horde3 (3.1.6-1) unstable; urgency=high
* New upstream release.
only in patch2:
unchanged:
--- horde3-3.1.6.orig/lib/Horde/Registry.php
+++ horde3-3.1.6/lib/Horde/Registry.php
@@ -1054,7 +1054,7 @@
if (isset($GLOBALS['prefs']) &&
($theme = $GLOBALS['prefs']->getValue('theme')) &&
(isset($theme_icons) ||
- ((@include $this->get('themesfs', 'horde') . '/' . $theme . '/info.php') &&
+ ((@include $this->get('themesfs', 'horde') . '/' . basename($theme) . '/info.php') &&
isset($theme_icons))) &&
in_array($app, $theme_icons)) {
$img_dir[$app] = $this->get('themesuri', $app) . '/' . $theme . '/graphics';
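Review bot: The sanitised value is used only for the include path on the `+` line; the next line still builds `$img_dir[$app]` from the raw `$theme`, so the graphics URI emitted for the theme can carry the same crafted path sequence the include now rejects. Normalising once where the preference is read keeps both uses consistent, `($theme = basename($GLOBALS['prefs']->getValue('theme'))) &&`, after which the `basename()` on the include line is redundant. As far as I can tell `basename()` does not strip a bare `..`, so a theme preference of `..` would still resolve one directory above `themesfs`; an allowlist check against the theme directories actually present there, or a `preg_match('/^[\w-]+$/', $theme)` guard, would close that as well. The enclosing method starts and ends outside the hunk.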
only in patch2:
unchanged:
--- horde3-3.1.6.orig/lib/Horde/iCalendar/vfreebusy.php
+++ horde3-3.1.6/lib/Horde/iCalendar/vfreebusy.php
@@ -82,7 +82,7 @@
}
$name = $this->getAttribute($attr, true);
- if (isset($name[0]['CN'])) {
+ if (!is_a($name, 'PEAR_Error') && isset($name[0]['CN'])) {
return $name[0]['CN'];
}
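Review bot: The added guard excludes only a `PEAR_Error`; any other non-array return from `getAttribute()` still reaches `isset($name[0]['CN'])` on the following line, and on PHP before 5.4 `isset()` on a string with a non-numeric offset evaluates true, so a scalar return could hand back a single character as the CN. If `getAttribute($attr, true)` can only return an array or a `PEAR_Error` here, `if (is_array($name) && isset($name[0]['CN'])) {` covers both cases in one check and avoids the string-class-name `is_a()` call. The enclosing method starts outside the hunk.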

