On Tue, 14 Feb 2012 19:22:29 -0500, micah anderson <mi...@riseup.net> wrote: > CVE-2012-0791 has a simple changeset:
Sorry, I switched these CVE issues, this one is actually CVE-2012-0909 > https://github.com/horde/horde/commit/208eae43c95136a67104f760027a8892a22b6e25 > > it touches two files: > framework/Form/lib/Horde/Form/Type.php > framework/Form/package.xml > > neither of these files is in horde3 or imp4 that is in Squeeze. > > For the other issue CVE-2012-0909, that seems to affect Squeeze's IMP, this one is actually CVE-2012-0791. > and a changeset between version 4.3.10 and 4.3.11 was published here: > http://ftp.horde.org/pub/imp/patches/patch-imp-h3-4.3.10-h3-4.3.11.gz > > Squeeze has 4.3.7 - I've looked at the changeset above with a co-worker > and it does not look too hard to port to the debian version. We'll do so > in the next couple of days if nobody else does first. have a patch, testing it now. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
